Windows Analysis Report
C7jdH7geD6.exe

Overview

General Information

Sample name: C7jdH7geD6.exe
renamed because original name is a hash value
Original sample name: 893ab45fcc1fdbc5f30d67f5b44fae4a3fb3a37775491d231f2c72081d99ffa7.exe
Analysis ID: 1388396
MD5: 2498f71c2e68a551033e64c7ba1ab19a
SHA1: 4056d6f648b1fd84a4b6d3b6982ee22f09f85584
SHA256: 893ab45fcc1fdbc5f30d67f5b44fae4a3fb3a37775491d231f2c72081d99ffa7
Tags: exe
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Early bird code injection technique detected
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Contains functionality to inject code into remote processes
Drops PE files to the document folder of the user
Queues an APC in another process (thread injection)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the program root directory (C:\Program Files)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Explorer Process Tree Break
Sigma detected: Msiexec Initiated Connection
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • C7jdH7geD6.exe (PID: 7276 cmdline: C:\Users\user\Desktop\C7jdH7geD6.exe MD5: 2498F71C2E68A551033E64C7BA1AB19A)
    • msiexec.exe (PID: 7388 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • explorer.exe (PID: 7476 cmdline: C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
  • explorer.exe (PID: 7512 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • msedge.exe (PID: 7592 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: 2498F71C2E68A551033E64C7BA1AB19A)
    • msedge.exe (PID: 7636 cmdline: "C:\Users\user\Documents\msedge.exe" MD5: 2498F71C2E68A551033E64C7BA1AB19A)
      • msiexec.exe (PID: 7864 cmdline: "C:\Program Files (x86)\msiexec.exe" -Puppet MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\C7jdH7geD6.exe, ProcessId: 7276, TargetFilename: C:\Program Files (x86)\msiexec.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\msiexec.exe" -Puppet, CommandLine: "C:\Program Files (x86)\msiexec.exe" -Puppet, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\msiexec.exe, NewProcessName: C:\Program Files (x86)\msiexec.exe, OriginalFileName: C:\Program Files (x86)\msiexec.exe, ParentCommandLine: C:\Users\user\Desktop\C7jdH7geD6.exe, ParentImage: C:\Users\user\Desktop\C7jdH7geD6.exe, ParentProcessId: 7276, ParentProcessName: C7jdH7geD6.exe, ProcessCommandLine: "C:\Program Files (x86)\msiexec.exe" -Puppet, ProcessId: 7388, ProcessName: msiexec.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 752, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 7512, ProcessName: explorer.exe
Source: Network Connection, Author: frack113: Data: DestinationIp: 206.238.220.90, DestinationIsIpv6: false, DestinationPort: 16037, EventID: 3, Image: C:\Program Files (x86)\msiexec.exe, Initiated: true, ProcessId: 7388, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49706
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer "C:\Users\user\Documents\msedge.exe" , EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\C7jdH7geD6.exe, ProcessId: 7276, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\IsSystemUpgradeComponentRegistered
No Snort rule has matched

AV Detection

Source: http://whois.pconline.com.cn/ipJson.jspf, Avira URL Cloud: Label: malware
Source: http://whois.pconline.com.cn/ipJson.jspUDP, Avira URL Cloud: Label: malware
Source: http://whois.pconline.com.cn/ipJson.jsp2, Avira URL Cloud: Label: malware
Source: C:\Users\user\Documents\msedge.exe, ReversingLabs: Detection: 60%
Source: C7jdH7geD6.exe, ReversingLabs: Detection: 60%
Source: C7jdH7geD6.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Binary string: msiexec.pdb source: msiexec.exe, msiexec.exe, 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 0000000A.00000000.2246645453.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr
Source: Binary string: \Plugins\Release\online.pdb source: msiexec.exe, msiexec.exe, 0000000A.00000002.2249652374.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249168803.00000000026A0000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: msiexec.pdbGCTL source: msiexec.exe, 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 0000000A.00000000.2246645453.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr

Networking

Source: global traffic, TCP traffic: 206.238.220.90 ports 16037,0,1,3,6,7
Source: global traffic, TCP traffic: 192.168.2.5:49705 -> 206.238.220.90:16037
Source: Joe Sandbox View, ASN Name: COGENT-174US COGENT-174US
Source: unknown, TCP traffic detected without corresponding DNS query: 206.238.220.90
Source: C:\Users\user\Desktop\C7jdH7geD6.exe, Code function: 0_2_00401920 Sleep,GetProcAddress,GetProcAddress,recv,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep,Sleep
Source: global traffic, HTTP traffic detected: GET /ipJson.jsp HTTP/1.1; User-Agent: HTTPGET; Host: whois.pconline.com.cn; Cache-Control: no-cache
Source: unknown, DNS traffic detected: queries for: whois.pconline.com.cn
Source: msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://whois.pconline.com.cn/
Source: msiexec.exe, msiexec.exe, 0000000A.00000002.2249652374.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249168803.00000000026A0000.00000040.00000400.00020000.00000000.sdmp, String found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp
Source: msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp)
Source: msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://whois.pconline.com.cn/ipJson.jsp2
Source: C7jdH7geD6.exe, 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, C7jdH7geD6.exe, 00000000.00000002.2105598991.0000000003BB9000.00000004.00000020.00020000.00000000.sdmp, C7jdH7geD6.exe, 00000000.00000002.2105598991.0000000003C09000.00000004.00000020.00020000.00000000.sdmp, C7jdH7geD6.exe, 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277479528.0000000003B37000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277354313.0000000002320000.00000040.00001000.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277479528.0000000003AE7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277613766.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249652374.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249168803.00000000026A0000.00000040.00000400.00020000.00000000.sdmp, String found in binary or memory: http://whois.pconline.com.cn/ipJson.jspUDP
Source: msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://whois.pconline.com.cn/ipJson.jspf
Source: C:\Program Files (x86)\msiexec.exe, Process Stats: CPU usage > 49%
Source: C:\Program Files (x86)\msiexec.exe, Code function: 2_2_002163E3 GetVersionExW,GetCurrentProcess,NtQueryInformationProcess,GetCommandLineW,GetStdHandle,GetFileType,memset,memset,RegQueryValueExW,RegCloseKey,RegQueryValueExW,RegCloseKey,CompareStringW,CompareStringW,CompareStringW,memset,GlobalFree,lstrlenW,GlobalFree,CoInitialize,CoRegisterClassObject,GetCurrentThread,OpenThreadToken,GetLastError,OpenEventW,WaitForSingleObject,CloseHandle,RevertToSelf,RegCloseKey,RegEnumKeyW,RevertToSelf,GetCurrentProcess,OpenProcessToken,GetTokenInformation,EqualSid,CloseHandle,GetLastError,memset,CloseHandle,MakeAbsoluteSD,GetLastError,CloseHandle,CloseHandle,CreateEventW,CloseHandle,CreateEventW,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,TranslateMessage,DispatchMessageW,PeekMessageW,MsgWaitForMultipleObjects,CloseHandle,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CoRevokeClassObject,CoUninitialize,GetLastError,GetMessageW,TranslateMessage,DispatchMessageW
Source: C:\Users\user\Desktop\C7jdH7geD6.exe, Code function: 0_2_10005C30 ExitWindowsEx
Source: C:\Users\user\Desktop\C7jdH7geD6.exe, Code function: 0_2_02557834 ExitWindowsEx
Source: C:\Program Files (x86)\msiexec.exe, Code function: 2_2_10005C30 ExitWindowsEx
Source: C:\Program Files (x86)\msiexec.exe, Code function: 2_2_028A7834 ExitWindowsEx
Source: C:\Users\user\Documents\msedge.exe, Code function: 8_2_10005C30 ExitWindowsEx
Source: C:\Users\user\Documents\msedge.exe, Code function: 8_2_02327834 ExitWindowsEx
Source: C:\Program Files (x86)\msiexec.exe, Code function: 10_2_10005C30 ExitWindowsEx
Source: C:\Program Files (x86)\msiexec.exe, Code function: 10_2_026A7834 ExitWindowsEx
Source: C7jdH7geD6.exe, 00000000.00000000.2015628136.000000000041C000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameCGfxListView.EXET vs C7jdH7geD6.exe
Source: C7jdH7geD6.exe, 00000000.00000003.2074993792.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamemsiexec.exeX vs C7jdH7geD6.exe
Source: C7jdH7geD6.exe, 00000000.00000003.2073889500.000000000060E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCGfxListView.EXET vs C7jdH7geD6.exe
Source: C7jdH7geD6.exe, Binary or memory string: OriginalFilenameCGfxListView.EXET vs C7jdH7geD6.exe
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: mfc42.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: msvcp60.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: avicap32.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: msvfw32.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: avicap32.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: msvfw32.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ninput.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: smartscreenps.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: mfc42.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: msvcp60.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: avicap32.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: msvfw32.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Documents\msedge.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: avicap32.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: msvfw32.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C7jdH7geD6.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal100.troj.evad.winEXE@10/4@2/2
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_00412CD0 LookupPrivilegeValueA,AdjustTokenPrivileges,0_2_00412CD0
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_00412DB0 OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,CloseHandle,#825,CloseHandle,0_2_00412DB0
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1000F710 OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,0_2_1000F710
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1000E910 AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,0_2_1000E910
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1000EB40 AdjustTokenPrivileges,PostThreadMessageA,0_2_1000EB40
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1000F580 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,std::_Xinvalid_argument,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,0_2_1000F580
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_02560514 LookupPrivilegeValueA,AdjustTokenPrivileges,0_2_02560514
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00212F93 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,2_2_00212F93
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1000F710 OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,2_2_1000F710
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1000E910 AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,2_2_1000E910
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1000EB40 AdjustTokenPrivileges,PostThreadMessageA,2_2_1000EB40
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1000F580 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,std::_Xinvalid_argument,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,2_2_1000F580
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_028B0514 LookupPrivilegeValueA,AdjustTokenPrivileges,2_2_028B0514
Source: C:\Users\user\Documents\msedge.exeCode function: 5_2_00412CD0 LookupPrivilegeValueA,AdjustTokenPrivileges,5_2_00412CD0
Source: C:\Users\user\Documents\msedge.exeCode function: 5_2_00412DB0 OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,CloseHandle,#825,CloseHandle,5_2_00412DB0
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_00412CD0 LookupPrivilegeValueA,AdjustTokenPrivileges,8_2_00412CD0
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_00412DB0 OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,CloseHandle,#825,CloseHandle,8_2_00412DB0
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_1000F710 OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,8_2_1000F710
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_1000E910 AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,8_2_1000E910
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_1000EB40 AdjustTokenPrivileges,PostThreadMessageA,8_2_1000EB40
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_1000F580 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,std::_Xinvalid_argument,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,8_2_1000F580
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_02330514 LookupPrivilegeValueA,AdjustTokenPrivileges,8_2_02330514
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_1000F710 OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,10_2_1000F710
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_1000E910 AdjustTokenPrivileges,LookupPrivilegeValueA,AdjustTokenPrivileges,10_2_1000E910
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_1000EB40 AdjustTokenPrivileges,PostThreadMessageA,10_2_1000EB40
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_1000F580 AdjustTokenPrivileges,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,std::_Xinvalid_argument,OpenProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,TerminateProcess,AdjustTokenPrivileges,CloseHandle,CloseHandle,10_2_1000F580
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_026B0514 LookupPrivilegeValueA,AdjustTokenPrivileges,10_2_026B0514
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_00412D30 CreateToolhelp32Snapshot,Process32First,_stricmp,_stricmp,Process32Next,_stricmp,FindCloseChangeNotification,0_2_00412D30
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_00412380 AppendMenuA,#1146,FindResourceA,LoadResource,LockResource,#2096,ImageList_SetBkColor,#1146,LoadBitmapA,#1641,ImageList_AddMasked,#2414,#2414,0_2_00412380
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00217DD0 StartServiceCtrlDispatcherW,GetLastError,2_2_00217DD0
Source: C:\Users\user\Desktop\C7jdH7geD6.exeFile created: C:\Program Files (x86)\msiexec.exeJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeFile created: C:\Users\user\Documents\msedge.exeJump to behavior
Source: C:\Program Files (x86)\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\1:16037
Source: unknownProcess created: C:\Windows\explorer.exe
Source: C7jdH7geD6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C7jdH7geD6.exeReversingLabs: Detection: 60%
Source: C:\Users\user\Desktop\C7jdH7geD6.exeFile read: C:\Users\user\Desktop\C7jdH7geD6.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\C7jdH7geD6.exe C:\Users\user\Desktop\C7jdH7geD6.exe
Source: C:\Users\user\Desktop\C7jdH7geD6.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\Documents\msedge.exe "C:\Users\user\Documents\msedge.exe"
Source: C:\Users\user\Documents\msedge.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Users\user\Desktop\C7jdH7geD6.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -PuppetJump to behavior
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\Documents\msedge.exe "C:\Users\user\Documents\msedge.exe" Jump to behavior
Source: C:\Users\user\Documents\msedge.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -PuppetJump to behavior
Source: C:\Program Files (x86)\msiexec.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Binary string: msiexec.pdb source: msiexec.exe, msiexec.exe, 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 0000000A.00000000.2246645453.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr
Source: Binary string: \Plugins\Release\online.pdb source: msiexec.exe, msiexec.exe, 0000000A.00000002.2249652374.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249168803.00000000026A0000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: msiexec.pdbGCTL source: msiexec.exe, 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe, 0000000A.00000000.2246645453.0000000000211000.00000020.00000001.01000000.00000005.sdmp, msiexec.exe.0.dr
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_00401830 GetProcAddress,GetProcAddress,socket,GetProcAddress,gethostbyname,GetProcAddress,connect,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateThread,0_2_00401830
Source: msiexec.exe.0.drStatic PE information: section name: .didat
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_004145D0 push eax; ret 0_2_004145FE
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1001C0D5 push ecx; ret 0_2_1001C0E8
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_10016BC0 push ecx; ret 0_2_10016BD3
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_02577EF1 push E91002C3h; retf 0_2_02577EF6
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_025687C4 push ecx; ret 0_2_025687D7
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_0256DCD9 push ecx; ret 0_2_0256DCEC
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00219F2D push ecx; ret 2_2_00219F40
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1001C0D5 push ecx; ret 2_2_1001C0E8
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_10016BC0 push ecx; ret 2_2_10016BD3
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_028C7EF1 push E91002C3h; retf 2_2_028C7EF6
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_028B87C4 push ecx; ret 2_2_028B87D7
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_028BDCD9 push ecx; ret 2_2_028BDCEC
Source: C:\Users\user\Documents\msedge.exeCode function: 5_2_004145D0 push eax; ret 5_2_004145FE
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_004145D0 push eax; ret 8_2_004145FE
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_1001C0D5 push ecx; ret 8_2_1001C0E8
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_10016BC0 push ecx; ret 8_2_10016BD3
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_02347EF1 push E91002C3h; retf 8_2_02347EF6
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_023387C4 push ecx; ret 8_2_023387D7
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_0233DCD9 push ecx; ret 8_2_0233DCEC
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_1001C0D5 push ecx; ret 10_2_1001C0E8
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_10016BC0 push ecx; ret 10_2_10016BD3
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_026C7EF1 push E91002C3h; retf 10_2_026C7EF6
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_026B87C4 push ecx; ret 10_2_026B87D7
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_026BDCD9 push ecx; ret 10_2_026BDCEC

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\C7jdH7geD6.exeFile created: C:\Users\user\Documents\msedge.exeJump to dropped file
Source: C:\Users\user\Desktop\C7jdH7geD6.exeFile created: C:\Program Files (x86)\msiexec.exeJump to dropped file
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00217DD0 StartServiceCtrlDispatcherW,GetLastError,2_2_00217DD0
Source: C:\Users\user\Desktop\C7jdH7geD6.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegisteredJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Documents\msedge.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\msiexec.exeWindow / User API: threadDelayed 657Jump to behavior
Source: C:\Program Files (x86)\msiexec.exeWindow / User API: threadDelayed 3633Jump to behavior
Source: C:\Program Files (x86)\msiexec.exeWindow / User API: threadDelayed 5455Jump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeAPI coverage: 5.5 %
Source: C:\Program Files (x86)\msiexec.exeAPI coverage: 8.9 %
Source: C:\Users\user\Documents\msedge.exeAPI coverage: 5.2 %
Source: C:\Program Files (x86)\msiexec.exeAPI coverage: 6.4 %
Source: C:\Program Files (x86)\msiexec.exe TID: 7404Thread sleep count: 657 > 30Jump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 7404Thread sleep time: -1971000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 7420Thread sleep count: 3633 > 30Jump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 7420Thread sleep time: -36330s >= -30000sJump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 7404Thread sleep count: 5455 > 30Jump to behavior
Source: C:\Program Files (x86)\msiexec.exe TID: 7404Thread sleep time: -16365000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\msiexec.exeThread sleep count: Count: 3633 delay: -10Jump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1000E010 GetModuleHandleW,GetProcAddress,OutputDebugStringA,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,inet_addr,wsprintfA,OutputDebugStringA,_strncpy,OutputDebugStringA,_strncpy,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,RegOpenKeyA,RegQueryValueExA,RegCloseKey,GetSystemInfo,wsprintfA,GlobalMemoryStatusEx,OutputDebugStringA,capGetDriverDescriptionA,wsprintfA,OutputDebugStringA,OutputDebugStringA,std::_Lockit::_Lockit,std::_Lockit::_Lockit,0_2_1000E010
Source: msiexec.exe, 00000002.00000002.4476382144.0000000002A38000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000004.00000003.2780603112.0000000000A58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: explorer.exe, 00000004.00000003.2780603112.0000000000A58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: explorer.exe, 00000004.00000003.2780603112.0000000000A58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: od_VMware_SATA_C4&22Y
Source: explorer.exe, 00000004.00000003.2780603112.0000000000A58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}s\alfo
Source: C7jdH7geD6.exe, 00000000.00000002.2105299831.00000000005EC000.00000004.00000020.00020000.00000000.sdmp, C7jdH7geD6.exe, 00000000.00000003.2075011745.00000000005EC000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277081954.000000000053D000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249437017.00000000029CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\C7jdH7geD6.exeAPI call chain: ExitProcess graph end nodegraph_0-40634
Source: C:\Program Files (x86)\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_2-39448
Source: C:\Users\user\Documents\msedge.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\C7jdH7geD6.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1001B894 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_1001B894
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_002159F2 GetLastError,RegQueryValueExW,RegCloseKey,GlobalFree,RegCreateKeyExW,RegSetValueExW,lstrlenW,RegSetValueExW,RegCloseKey,memset,OutputDebugStringW,SetLastError,2_2_002159F2
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_00401830 GetProcAddress,GetProcAddress,socket,GetProcAddress,gethostbyname,GetProcAddress,connect,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateThread,0_2_00401830
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_002163E3 mov eax, dword ptr fs:[00000030h]2_2_002163E3
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_10006170 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,VirtualFree,GetProcessHeap,HeapFree,0_2_10006170
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1001B894 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_1001B894
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_10013318 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10013318
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_02564F1C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_02564F1C
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_0256D498 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0256D498
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00219C10 SetUnhandledExceptionFilter,2_2_00219C10
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_002195F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_002195F0
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_1001B894 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_1001B894
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_10013318 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_10013318
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_028B4F1C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_028B4F1C
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_028BD498 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_028BD498
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_1001B894 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_1001B894
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_10013318 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_10013318
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_02334F1C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_02334F1C
Source: C:\Users\user\Documents\msedge.exeCode function: 8_2_0233D498 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0233D498
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_1001B894 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_1001B894
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_10013318 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_10013318
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_026B4F1C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_026B4F1C
Source: C:\Program Files (x86)\msiexec.exeCode function: 10_2_026BD498 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_026BD498

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\C7jdH7geD6.exeProcess created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exeJump to behavior
Source: C:\Users\user\Documents\msedge.exeProcess created / APC Queued / Resumed: C:\Program Files (x86)\msiexec.exeJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeMemory allocated: C:\Program Files (x86)\msiexec.exe base: 28A0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\Documents\msedge.exeMemory allocated: C:\Program Files (x86)\msiexec.exe base: 26A0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_10005740 OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_memset,OutputDebugStringA,CreateProcessA,CreateProcessA,_memset,GetNativeSystemInfo,GetSystemWow64DirectoryA,GetSystemDirectoryA,OutputDebugStringA,SHGetFolderPathA,swprintf,CopyFileA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,OutputDebugStringA,Wow64SuspendThread,OutputDebugStringA,VirtualAllocEx,OutputDebugStringA,WriteProcessMemory,OutputDebugStringA,QueueUserAPC,ResumeThread,0_2_10005740
Source: C:\Users\user\Desktop\C7jdH7geD6.exeThread APC queued: target process: C:\Program Files (x86)\msiexec.exe
Source: C:\Users\user\Desktop\C7jdH7geD6.exeMemory written: C:\Program Files (x86)\msiexec.exe base: 28A0000
Source: C:\Users\user\Documents\msedge.exeMemory written: C:\Program Files (x86)\msiexec.exe base: 26A0000
Source: C:\Users\user\Desktop\C7jdH7geD6.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Users\user\Documents\msedge.exeProcess created: C:\Program Files (x86)\msiexec.exe "C:\Program Files (x86)\msiexec.exe" -Puppet
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_002131A9 FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,GetLengthSid,memset,GlobalAlloc,InitializeAcl,AddAccessAllowedAce,GetAce,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetSecurityDescriptorLength,MakeSelfRelativeSD,GetLastError,GlobalFree,GetLastError,FreeSid,2_2_002131A9
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_002130F2 AllocateAndInitializeSid,GetLastError,GetLengthSid,FreeSid,GetLengthSid,memcpy,FreeSid,2_2_002130F2
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_10023019
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_1001F95D
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_1001F1A4
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,0_2_10016219
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,0_2_1001FA52
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,0_2_10016256
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,0_2_1001FAF9
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,0_2_1001CB39
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,0_2_1001FB54
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: GetLocaleInfoA,0_2_10023469
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,0_2_1001F492
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,0_2_1001FD25
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_1001E548
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,0_2_1001BD65
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_1001FDE5
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_1001FE4C
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,0_2_1001FE88
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,0_2_10022F3F
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_02571A50
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itow_s,0_2_02571A8C
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_0257014C
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,GetLocaleInfoW,0_2_0256D969
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,0_2_02571929
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_025719E9
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,0_2_02571656
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,0_2_02567E5A
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,0_2_02567E1D
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,0_2_025716FD
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_02571561
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,0_2_02570DA8
Source: C:\Program Files (x86)\msiexec.exeCode function: memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,2_2_00215C84
Source: C:\Program Files (x86)\msiexec.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_10023019
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_1001F95D
Source: C:\Program Files (x86)\msiexec.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_1001F1A4
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,2_2_10016219
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,2_2_1001FA52
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,2_2_10016256
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,2_2_1001FAF9
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,2_2_1001CB39
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,2_2_1001FB54
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoA,2_2_10023469
Source: C:\Program Files (x86)\msiexec.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_1001F492
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,2_2_1001FD25
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_1001E548
Source: C:\Program Files (x86)\msiexec.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,2_2_1001BD65
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_1001FDE5
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_1001FE4C
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,2_2_1001FE88
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,2_2_10022F3F
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itow_s,2_2_028C1A8C
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_028C1A50
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_028C19E9
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,2_2_028C1929
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_028C014C
Source: C:\Program Files (x86)\msiexec.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,GetLocaleInfoW,2_2_028BD969
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,2_2_028C16FD
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,2_2_028B7E1D
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,2_2_028B7E5A
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,2_2_028C1656
Source: C:\Program Files (x86)\msiexec.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,2_2_028C0DA8
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_028C1561
Source: C:\Users\user\Documents\msedge.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,8_2_10023019
Source: C:\Users\user\Documents\msedge.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_1001F95D
Source: C:\Users\user\Documents\msedge.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,8_2_1001F1A4
Source: C:\Users\user\Documents\msedge.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,8_2_10016219
Source: C:\Users\user\Documents\msedge.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,8_2_1001FA52
Source: C:\Users\user\Documents\msedge.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,8_2_10016256
Source: C:\Users\user\Documents\msedge.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,8_2_1001FAF9
Source: C:\Users\user\Documents\msedge.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,8_2_1001CB39
Source: C:\Users\user\Documents\msedge.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,8_2_1001FB54
Source: C:\Users\user\Documents\msedge.exeCode function: GetLocaleInfoA,8_2_10023469
Source: C:\Users\user\Documents\msedge.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,8_2_1001F492
Source: C:\Users\user\Documents\msedge.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,8_2_1001FD25
Source: C:\Users\user\Documents\msedge.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,8_2_1001E548
Source: C:\Users\user\Documents\msedge.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,8_2_1001BD65
Source: C:\Users\user\Documents\msedge.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,8_2_1001FDE5
Source: C:\Users\user\Documents\msedge.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,8_2_1001FE4C
Source: C:\Users\user\Documents\msedge.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,8_2_1001FE88
Source: C:\Users\user\Documents\msedge.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,8_2_10022F3F
Source: C:\Users\user\Documents\msedge.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,8_2_02341A50
Source: C:\Users\user\Documents\msedge.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itow_s,8_2_02341A8C
Source: C:\Users\user\Documents\msedge.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,8_2_02341929
Source: C:\Users\user\Documents\msedge.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,GetLocaleInfoW,8_2_0233D969
Source: C:\Users\user\Documents\msedge.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,8_2_0234014C
Source: C:\Users\user\Documents\msedge.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,8_2_023419E9
Source: C:\Users\user\Documents\msedge.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,8_2_02337E1D
Source: C:\Users\user\Documents\msedge.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,8_2_02341656
Source: C:\Users\user\Documents\msedge.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,8_2_02337E5A
Source: C:\Users\user\Documents\msedge.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,8_2_023416FD
Source: C:\Users\user\Documents\msedge.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_02341561
Source: C:\Users\user\Documents\msedge.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,8_2_02340DA8
Source: C:\Program Files (x86)\msiexec.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,10_2_10023019
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,10_2_1001F95D
Source: C:\Program Files (x86)\msiexec.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,10_2_1001F1A4
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,10_2_10016219
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,10_2_1001FA52
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,10_2_10016256
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,10_2_1001FAF9
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,10_2_1001CB39
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,10_2_1001FB54
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoA,10_2_10023469
Source: C:\Program Files (x86)\msiexec.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,10_2_1001F492
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,10_2_1001FD25
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,10_2_1001E548
Source: C:\Program Files (x86)\msiexec.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,10_2_1001BD65
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,10_2_1001FDE5
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,10_2_1001FE4C
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,10_2_1001FE88
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,10_2_10022F3F
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,10_2_026C1A50
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itow_s,10_2_026C1A8C
Source: C:\Program Files (x86)\msiexec.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,GetLocaleInfoW,10_2_026BD969
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,10_2_026C014C
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,10_2_026C1929
Source: C:\Program Files (x86)\msiexec.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,10_2_026C19E9
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,10_2_026B7E5A
Source: C:\Program Files (x86)\msiexec.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,10_2_026C1656
Source: C:\Program Files (x86)\msiexec.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,_free,_free,_free,_free,_free,10_2_026B7E1D
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,10_2_026C16FD
Source: C:\Program Files (x86)\msiexec.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,10_2_026C1561
Source: C:\Program Files (x86)\msiexec.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,10_2_026C0DA8
Source: C:\Users\user\Desktop\C7jdH7geD6.exeCode function: 0_2_1001E24C GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_1001E24C
Source: C:\Program Files (x86)\msiexec.exeCode function: 2_2_00215C84 memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,2_2_00215C84
Source: msedge.exe, msedge.exe, 00000008.00000002.2277479528.0000000003B37000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277354313.0000000002320000.00000040.00001000.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277479528.0000000003AE7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277613766.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msedge.exe, 00000008.00000000.2186471704.000000000041B000.00000008.00000001.01000000.00000007.sdmp, msedge.exe, 00000008.00000002.2276664134.000000000041B000.00000004.00000001.01000000.00000007.sdmp, msiexec.exe, msiexec.exe, 0000000A.00000002.2249652374.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249168803.00000000026A0000.00000040.00000400.00020000.00000000.sdmp, msedge.exe.0.drBinary or memory string: kxetray.exe
Source: msedge.exe, msedge.exe, 00000008.00000002.2277479528.0000000003B37000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277354313.0000000002320000.00000040.00001000.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277479528.0000000003AE7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277613766.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msedge.exe, 00000008.00000000.2186471704.000000000041B000.00000008.00000001.01000000.00000007.sdmp, msedge.exe, 00000008.00000002.2276664134.000000000041B000.00000004.00000001.01000000.00000007.sdmp, msiexec.exe, msiexec.exe, 0000000A.00000002.2249652374.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249168803.00000000026A0000.00000040.00000400.00020000.00000000.sdmp, msedge.exe.0.drBinary or memory string: 360Tray.exe
Source: C:\Windows\explorer.exe Directory queried: C:\Users\user\Documents
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 2 Service Execution | 3 Windows Service | 1 Access Token Manipulation | 2 Obfuscated Files or Information | LSASS Memory | 11 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 3 Windows Service | 1 DLL Side-Loading | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 511 Process Injection | 12 Masquerading | NTDS | 141 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 2 Virtualization/Sandbox Evasion | LSA Secrets | 2 Virtualization/Sandbox Evasion | SSH | Keylogging | 2 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 511 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Behavior Graph ID: 1388396; Sample: C7jdH7geD6.exe; Startdate: 07/02/2024; Architecture: WINDOWS; Score: 100
  • Sample level: DNS/IP whois.pconline.com.cn.ctadns.cn, whois.pconline.com.cn. Signatures: Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; Connects to many ports of the same IP (likely port scanning); 2 other signatures. Started processes: C7jdH7geD6.exe, explorer.exe, explorer.exe.
  • C7jdH7geD6.exe: DNS/IP 206.238.220.90, 16037, 49705, 49706 (COGENT-174US, United States). Dropped: C:\Users\user\Documents\msedge.exe, PE32; C:\Program Files (x86)\msiexec.exe, PE32. Signatures: Early bird code injection technique detected; Drops PE files to the document folder of the user; Contains functionality to inject code into remote processes; 3 other signatures. Started process: msiexec.exe.
  • msiexec.exe (started by C7jdH7geD6.exe): DNS/IP whois.pconline.com.cn.ctadns.cn, 14.29.101.168, 49707, 80 (CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN, China).
  • explorer.exe: started processes msedge.exe, msedge.exe.
  • msedge.exe (started by explorer.exe): Signatures: Early bird code injection technique detected; Writes to foreign memory regions; Allocates memory in foreign processes. Started process: msiexec.exe.
  • msedge.exe (started by explorer.exe): Signature: Multi AV Scanner detection for dropped file.

Source | Detection | Scanner | Label
C7jdH7geD6.exe | 61% | ReversingLabs | Win32.Backdoor.Androm

Source | Detection | Scanner | Label
C:\Program Files (x86)\msiexec.exe | 0% | ReversingLabs |
C:\Users\user\Documents\msedge.exe | 61% | ReversingLabs | Win32.Backdoor.Androm

No Antivirus matches

Source | Detection | Scanner | Label
http://whois.pconline.com.cn/ipJson.jsp | 0% | Avira URL Cloud | safe
http://whois.pconline.com.cn/ipJson.jspf | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ | 0% | Avira URL Cloud | safe
http://whois.pconline.com.cn/ipJson.jspUDP | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jsp2 | 100% | Avira URL Cloud | malware
http://whois.pconline.com.cn/ipJson.jsp) | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
whois.pconline.com.cn.ctadns.cn | 14.29.101.168 | true | false | | unknown
whois.pconline.com.cn | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://whois.pconline.com.cn/ipJson.jsp | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://whois.pconline.com.cn/ipJson.jspUDP | C7jdH7geD6.exe, 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, C7jdH7geD6.exe, 00000000.00000002.2105598991.0000000003BB9000.00000004.00000020.00020000.00000000.sdmp, C7jdH7geD6.exe, 00000000.00000002.2105598991.0000000003C09000.00000004.00000020.00020000.00000000.sdmp, C7jdH7geD6.exe, 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277479528.0000000003B37000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277354313.0000000002320000.00000040.00001000.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277479528.0000000003AE7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.2277613766.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249652374.0000000010027000.00000002.00001000.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000002.2249168803.00000000026A0000.00000040.00000400.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://whois.pconline.com.cn/ipJson.jsp) | msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://whois.pconline.com.cn/ipJson.jspf | msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://whois.pconline.com.cn/ | msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://whois.pconline.com.cn/ipJson.jsp2 | msiexec.exe, 00000002.00000002.4476382144.00000000029BA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
206.238.220.90 | unknown | United States | 174 | COGENT-174US | true
14.29.101.168 | whois.pconline.com.cn.ctadns.cn | China | 58466 | CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN | false

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1388396
Start date and time: 2024-02-07 15:38:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: C7jdH7geD6.exe (renamed because original name is a hash value)
Original Sample Name: 893ab45fcc1fdbc5f30d67f5b44fae4a3fb3a37775491d231f2c72081d99ffa7.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@10/4@2/2
EGA Information:
  • Successful, ratio: 80%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 69
  • Number of non-executed functions: 373
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target msedge.exe, PID 7592 because there are no executed function
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: C7jdH7geD6.exe

Time | Type | Description
15:38:55 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run IsSystemUpgradeComponentRegistered explorer "C:\Users\user\Documents\msedge.exe"
15:39:32 | API Interceptor | 4446158x Sleep call for process: msiexec.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
206.238.220.90 | sample.exe | malicious | Unknown |
206.238.220.90 | sample.exe | malicious | Unknown |
206.238.220.90 | sample.exe | malicious | Unknown |
14.29.101.168 | 7r7iKqMM88.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp?callback=jsShow
14.29.101.168 | fdnbdfbsb.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp
14.29.101.168 | fdnbdfbsb.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp
14.29.101.168 | Wolf.exe | malicious | Unknown | whois.pconline.com.cn/jsFunction.jsp

Match | Associated Sample Name / URL | Detection | Threat Name | Context
whois.pconline.com.cn.ctadns.cn | setup.exe | malicious | Unknown | 14.29.101.169
whois.pconline.com.cn.ctadns.cn | setup.exe | malicious | Unknown | 14.29.101.168
whois.pconline.com.cn.ctadns.cn | setup.exe | malicious | Unknown | 14.29.101.160
whois.pconline.com.cn.ctadns.cn | #U67e5#U8be2#U5165#U53e3.exe | malicious | Unknown | 14.29.101.160
whois.pconline.com.cn.ctadns.cn | #U67e5#U8be2#U5165#U53e3.exe | malicious | Unknown | 14.29.101.160
whois.pconline.com.cn.ctadns.cn | sample.exe | malicious | Unknown | 14.29.101.169
whois.pconline.com.cn.ctadns.cn | sample.exe | malicious | Unknown | 14.29.101.169
whois.pconline.com.cn.ctadns.cn | sample.exe | malicious | Unknown | 14.29.101.169
whois.pconline.com.cn.ctadns.cn | 7r7iKqMM88.exe | malicious | Unknown | 14.29.101.160
whois.pconline.com.cn.ctadns.cn | 7r7iKqMM88.exe | malicious | Unknown | 14.29.101.168
            No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Program Files (x86)\msiexec.exe | setup.exe | malicious | Unknown |
C:\Program Files (x86)\msiexec.exe | #U67e5#U8be2#U5165#U53e3.exe | malicious | Unknown |
C:\Program Files (x86)\msiexec.exe | sample.exe | malicious | Unknown |

                  Process:C:\Users\user\Desktop\C7jdH7geD6.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:modified
                  Size (bytes):59904
                  Entropy (8bit):5.770776695007155
                  Encrypted:false
                  SSDEEP:768:uo8HL2TB4LHLbo77Q2d9xSDvYD07BOUp8VKfTKznHVXq6ayYf3:vTB4LG7B8jY4XprIHw62
                  MD5:9D09DC1EDA745A5F87553048E57620CF
                  SHA1:1D0C7CFCA8104D06DE1F08B97F28B3520C246CD7
                  SHA-256:3A90EDE157D40A4DB7859158C826F7B4D0F19A5768F6483C9BE6EE481C6E1AF7
                  SHA-512:2BE940F0468F77792C6E1B593376900C24FF0B0FAE8DC2E57B05596506789AA76119F8BE780C57252F74CD1F0C2FA7223FE44AE4FA3643C26DF00DD42BD4C016
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Joe Sandbox View:
                  • Filename: setup.exe, Detection: malicious, Browse
                  • Filename: #U67e5#U8be2#U5165#U53e3.exe, Detection: malicious, Browse
                  • Filename: sample.exe, Detection: malicious, Browse
                  Reputation:low
                  Process:C:\Program Files (x86)\msiexec.exe
                  File Type:ISO-8859 text
                  Category:dropped
                  Size (bytes):204
                  Entropy (8bit):4.8412246871440905
                  Encrypted:false
                  SSDEEP:6:6bJpCL9Lr2MOYN9+XXai7+njhE0A34IzBnOFA:AJMZ+zWjS0A3FdoA
                  MD5:08E11555A4D8E7096D2096D9BC7EE08E
                  SHA1:5391C02F5CCBEE2145D8452650AD91EDE5F4626D
                  SHA-256:E1A77201E3B84AA5A1FCA3CDD595F1D8FE5A3EDB0C8E2D03AE333132A64AED98
                  SHA-512:AD0662D08800BE1CF17C32155D1DCAA5F7F0FDD8FF492FF6C3CC54B4C3ABF41811BD74C501565528338C2DD729A65D7090FE063ACD84B87013F7FC494A9195AF
                  Malicious:false
                  Reputation:low
                  Preview:.....if(window.IPCallBack) {IPCallBack({"ip":"81.181.57.74","pro":"","proCode":"999999","city":"","cityCode":"0","region":"","regionCode":"0","addr":" ........","regionNames":"","err":"noprovince"});}....
                  Process:C:\Users\user\Desktop\C7jdH7geD6.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):147456
                  Entropy (8bit):5.830923951455764
                  Encrypted:false
                  SSDEEP:3072:mwGoEbM6v/i7iImDph7LZLDmHnVXM2y2w1aKCEu:mwEbM6v/Own9unVXM27W
                  MD5:2498F71C2E68A551033E64C7BA1AB19A
                  SHA1:4056D6F648B1FD84A4B6D3B6982EE22F09F85584
                  SHA-256:893AB45FCC1FDBC5F30D67F5B44FAE4A3FB3A37775491D231F2C72081D99FFA7
                  SHA-512:EC42DC199991F27E3C04C4DCE1B2494A8232CF7F5A1D5ACC59572F68EEE2B713EF57F51A09E2C5307CDF76B1E8D6EE73D2573C527ECE2A79342B87B78D66F908
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 61%
                  Reputation:low
                  Process:C:\Users\user\Desktop\C7jdH7geD6.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):26
                  Entropy (8bit):3.95006375643621
                  Encrypted:false
                  SSDEEP:3:ggPYV:rPYV
                  MD5:187F488E27DB4AF347237FE461A079AD
                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                  Malicious:false
                  Reputation:high, very likely benign file
                  Preview:[ZoneTransfer]....ZoneId=0
                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):5.830923951455764
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:C7jdH7geD6.exe
                  File size:147'456 bytes
                  MD5:2498f71c2e68a551033e64c7ba1ab19a
                  SHA1:4056d6f648b1fd84a4b6d3b6982ee22f09f85584
                  SHA256:893ab45fcc1fdbc5f30d67f5b44fae4a3fb3a37775491d231f2c72081d99ffa7
                  SHA512:ec42dc199991f27e3c04c4dce1b2494a8232cf7f5a1d5acc59572f68eee2b713ef57f51a09e2c5307cdf76b1e8d6ee73d2573c527ece2a79342b87b78d66f908
                  SSDEEP:3072:mwGoEbM6v/i7iImDph7LZLDmHnVXM2y2w1aKCEu:mwEbM6v/Own9unVXM27W
                  TLSH:87E34C22FAF600D6CB5A913014BE7731A93EFD6A0F29CBEB4354DA5D68311816D3631E
                  Icon Hash:0f4c1f0f2f9595a7
                  Entrypoint:0x4145ff
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  DLL Characteristics:
                  Time Stamp:0x65B122BB [Wed Jan 24 14:46:19 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:0b64b4522cd7077cbc759c778f8bf757
                  Instruction
                  push ebp
                  mov ebp, esp
                  push FFFFFFFFh
                  push 00418558h
                  push 0041478Ch
                  mov eax, dword ptr fs:[00000000h]
                  push eax
                  mov dword ptr fs:[00000000h], esp
                  sub esp, 68h
                  push ebx
                  push esi
                  push edi
                  mov dword ptr [ebp-18h], esp
                  xor ebx, ebx
                  mov dword ptr [ebp-04h], ebx
                  push 00000002h
                  call dword ptr [00416714h]
                  pop ecx
                  or dword ptr [0041BEC4h], FFFFFFFFh
                  or dword ptr [0041BEC8h], FFFFFFFFh
                  call dword ptr [00416710h]
                  mov ecx, dword ptr [0041BEB8h]
                  mov dword ptr [eax], ecx
                  call dword ptr [0041670Ch]
                  mov ecx, dword ptr [0041BEB4h]
                  mov dword ptr [eax], ecx
                  mov eax, dword ptr [00416708h]
                  mov eax, dword ptr [eax]
                  mov dword ptr [0041BEC0h], eax
                  call 00007FD25CD47CB2h
                  cmp dword ptr [0041BA90h], ebx
                  jne 00007FD25CD47B9Eh
                  push 00414788h
                  call dword ptr [00416704h]
                  pop ecx
                  call 00007FD25CD47C84h
                  push 0041B020h
                  push 0041B01Ch
                  call 00007FD25CD47C6Fh
                  mov eax, dword ptr [0041BEB0h]
                  mov dword ptr [ebp-6Ch], eax
                  lea eax, dword ptr [ebp-6Ch]
                  push eax
                  push dword ptr [0041BEACh]
                  lea eax, dword ptr [ebp-64h]
                  push eax
                  lea eax, dword ptr [ebp-70h]
                  push eax
                  lea eax, dword ptr [ebp-60h]
                  push eax
                  call dword ptr [004166FCh]
                  push 0041B018h
                  push 0041B000h
                  call 00007FD25CD47C3Ch
                  Programming Language:
                  • [C++] VS98 (6.0) SP6 build 8804
                  • [C++] VS98 (6.0) build 8168
                  • [EXP] VC++ 6.0 SP5 build 8804

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19d60 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0x7930 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x16000 | 0x818 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x14c22 | 0x15000 | 941a9d825c4898ef4d5348257fa827f6 | False | 0.49314081101190477 | data | 6.152871408798356 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x16000 | 0x4fda | 0x5000 | 5a8f9f61ccbf5d2b265328fe3b172c2b | False | 0.299365234375 | data | 4.796983383083343 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x1b000 | 0xecc | 0x1000 | 3fc3e4867eb64e480088ee3baa9bd059 | False | 0.292724609375 | data | 3.267573967954494 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x1c000 | 0x7930 | 0x8000 | fbdd23acf8a946a8bd6fe755884ef239 | False | 0.3614501953125 | data | 4.98288561165888 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x20a50 | 0x428 | Device independent bitmap graphic, 128 x 15 x 4, image size 960 | Italian | Italy | 0.3618421052631579 |
| RT_BITMAP | 0x21358 | 0x3b0 | Device independent bitmap graphic, 112 x 15 x 4, image size 840 | Italian | Italy | 0.4141949152542373 |
| RT_BITMAP | 0x21030 | 0x328 | Device independent bitmap graphic, 82 x 16 x 4, image size 704 | Italian | Italy | 0.37623762376237624 |
| RT_BITMAP | 0x20e78 | 0x1b8 | Device independent bitmap graphic, 45 x 14 x 4, image size 336 | Italian | Italy | 0.31136363636363634 |
| RT_ICON | 0x1c7c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Chinese | China | 0.31001805054151627 |
| RT_ICON | 0x1d080 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.48160980810234544 |
| RT_ICON | 0x1df28 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.5564079422382672 |
| RT_ICON | 0x1e7d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.7774566473988439 |
| RT_ICON | 0x1ed68 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | Italian | Italy | 0.48427505330490406 |
| RT_ICON | 0x1fc10 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Italian | Italy | 0.5550541516245487 |
| RT_ICON | 0x204b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Italian | Italy | 0.778179190751445 |
| RT_MENU | 0x21740 | 0x2c6 | data | Italian | Italy | 0.46901408450704224 |
| RT_DIALOG | 0x21a78 | 0x13e | data | Italian | Italy | 0.610062893081761 |
| RT_DIALOG | 0x21bb8 | 0x24c | data | Italian | Italy | 0.4812925170068027 |
| RT_DIALOG | 0x21e08 | 0x3b0 | data | Italian | Italy | 0.4194915254237288 |
| RT_STRING | 0x22668 | 0x98 | data | Italian | Italy | 0.42105263157894735 |
| RT_STRING | 0x22700 | 0x44 | data | Italian | Italy | 0.6911764705882353 |
| RT_STRING | 0x22788 | 0x338 | data | Italian | Italy | 0.3131067961165049 |
| RT_STRING | 0x22c38 | 0x2c0 | data | Italian | Italy | 0.07102272727272728 |
| RT_STRING | 0x23090 | 0x3b6 | data | Italian | Italy | 0.3178947368421053 |
| RT_STRING | 0x23018 | 0x78 | data | Italian | Italy | 0.6 |
| RT_STRING | 0x22ac0 | 0x178 | data | Italian | Italy | 0.45478723404255317 |
| RT_STRING | 0x22ef8 | 0x120 | data | Italian | Italy | 0.3715277777777778 |
| RT_STRING | 0x22748 | 0x40 | data | Italian | Italy | 0.734375 |
| RT_STRING | 0x23448 | 0x144 | data | Italian | Italy | 0.29012345679012347 |
| RT_STRING | 0x23590 | 0x252 | data | Italian | Italy | 0.36195286195286197 |
| RT_STRING | 0x237e8 | 0xac | data | Italian | Italy | 0.5988372093023255 |
| RT_STRING | 0x23898 | 0x92 | data | Italian | Italy | 0.5958904109589042 |
| RT_ACCELERATOR | 0x21a08 | 0x70 | data | Italian | Italy | 0.6875 |
| RT_GROUP_ICON | 0x20a20 | 0x30 | data | Italian | Italy | 0.9375 |
| RT_GROUP_ICON | 0x1ed38 | 0x30 | data | English | United States | 0.9166666666666666 |
| RT_GROUP_ICON | 0x1d068 | 0x14 | data | Chinese | China | 1.15 |
| RT_VERSION | 0x221b8 | 0x324 | data | Italian | Italy | 0.44776119402985076 |
| RT_MANIFEST | 0x224e0 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | Italian | Italy | 0.5892857142857143 |
| None | 0x21708 | 0x1c | data | Italian | Italy | 1.25 |
| None | 0x21728 | 0x16 | data | Italian | Italy | 1.3636363636363635 |
| DLL | Import |
|---|---|
| MFC42.DLL | |
| MSVCRT.dll | _setmbcp, __CxxFrameHandler, _CxxThrowException, qsort, atoi, _stricmp, __dllonexit, _onexit, ??1type_info@@UAE@XZ, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp |
| KERNEL32.dll | GetModuleHandleA, OpenProcess, TerminateProcess, Process32First, Process32Next, CreateToolhelp32Snapshot, Thread32First, Thread32Next, FindResourceA, LoadResource, LockResource, lstrcpynA, lstrlenA, lstrcpyA, GlobalAlloc, GlobalReAlloc, GlobalFree, Sleep, GetTickCount, CreateThread, OutputDebugStringA, GetCurrentThreadId, GetModuleFileNameA, GetProcAddress, CloseHandle, CreateEventA, LoadLibraryA, GetStartupInfoA |
| USER32.dll | GetWindowRect, SystemParametersInfoA, DrawStateA, GetTabbedTextExtentA, GetMenuState, ModifyMenuA, GetMenuStringA, GetSubMenu, GetMenuItemID, GetMenuItemCount, SetRect, GetSystemMetrics, ScreenToClient, LoadCursorA, SetCursor, CopyRect, GetSysColor, DrawTextA, InvalidateRect, SendMessageA, GetInputState, PostThreadMessageA, GetMessageA, EnableWindow, UpdateWindow, GetWindowLongA, GetDlgItem, ShowScrollBar, EnableScrollBar, OffsetRect, FrameRect, GetFocus, GetClassInfoA, DefWindowProcA, CreatePopupMenu, AppendMenuA, GetMessagePos, GetCursorPos, IsWindow, WindowFromPoint, GetKeyState, TranslateMessage, DispatchMessageA, PtInRect, PostMessageA, IsChild, InflateRect, LoadBitmapA, IsWindowVisible, ReleaseCapture, GetClientRect, GetParent, ClientToScreen, SetCapture, IsRectEmpty |
| GDI32.dll | CreateCompatibleBitmap, StretchBlt, GetTextColor, RealizePalette, GetDeviceCaps, DPtoLP, CreateFontIndirectA, CreateCompatibleDC, GetObjectA, BitBlt, Polygon, CreateRectRgnIndirect, GetStockObject, SelectObject, DeleteObject, GetTextExtentPoint32A, PatBlt |
| ADVAPI32.dll | RegOpenKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, SetTokenInformation, GetLengthSid, OpenProcessToken, RegCloseKey |
| COMCTL32.dll | ImageList_GetImageInfo, ImageList_GetIconSize, ImageList_DrawEx, ImageList_GetIcon, ImageList_AddMasked, ImageList_Draw, ImageList_SetBkColor |
| WS2_32.dll | closesocket, WSACleanup, WSAStartup, gethostbyname |
| MSVCP60.dll | ??1Init@ios_base@std@@QAE@XZ, ??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??0Init@ios_base@std@@QAE@XZ |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Italian | Italy | |
| Chinese | China | |
| English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Feb 7, 2024 15:38:53.704224110 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704240084 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704242945 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704256058 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704272985 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704273939 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704289913 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704304934 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704309940 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704320908 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704336882 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704339027 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704354048 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704370022 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704389095 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704394102 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704407930 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704411030 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704423904 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704440117 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704442978 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704457045 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704473019 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704482079 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704488993 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704505920 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704508066 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704521894 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704539061 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704540968 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704555988 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704571962 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704574108 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704587936 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704603910 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704606056 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704621077 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704638958 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704638958 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704655886 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704673052 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704678059 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704689980 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704705954 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704710007 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704722881 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704737902 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704741955 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704755068 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704771042 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704773903 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704787970 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704803944 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704806089 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704821110 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704835892 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704838991 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704853058 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704869032 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704885006 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704886913 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704901934 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704910040 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.704922915 CET1603749705206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:53.704946995 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.749991894 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.859488964 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:53.906373978 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:56.835344076 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:57.146878958 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:38:57.147007942 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:58.454304934 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:38:58.803730011 CET804970714.29.101.168192.168.2.5
                  Feb 7, 2024 15:38:58.803847075 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:38:58.804300070 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:38:59.057909966 CET804970714.29.101.168192.168.2.5
                  Feb 7, 2024 15:38:59.057930946 CET804970714.29.101.168192.168.2.5
                  Feb 7, 2024 15:38:59.058294058 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:38:59.058294058 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:38:59.515779018 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:38:59.646289110 CET4970516037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:38:59.876002073 CET804970714.29.101.168192.168.2.5
                  Feb 7, 2024 15:39:00.540734053 CET804970714.29.101.168192.168.2.5
                  Feb 7, 2024 15:39:00.540767908 CET804970714.29.101.168192.168.2.5
                  Feb 7, 2024 15:39:00.540868998 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:39:00.540868998 CET4970780192.168.2.514.29.101.168
                  Feb 7, 2024 15:39:00.564136982 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:00.891253948 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:00.937572956 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:08.238075972 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:08.563662052 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:08.563786030 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:08.564491034 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:08.890058041 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:08.890078068 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:08.890091896 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:08.890252113 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:08.890266895 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:08.890295029 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:08.890295029 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:08.937501907 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.215634108 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.215662003 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.215675116 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.215686083 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.215698957 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.215713024 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.215754032 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.215790987 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.262901068 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.262927055 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.263403893 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.549011946 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549223900 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549242973 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549263954 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549268961 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549276114 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549289942 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549304008 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549318075 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549330950 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549344063 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.549376011 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.549376011 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.549376011 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.594415903 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.604937077 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.604958057 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.604971886 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.605062962 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.878746986 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.878813028 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.878851891 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.878892899 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.878930092 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.878958941 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.878958941 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.878973961 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879012108 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879050970 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879085064 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.879085064 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.879087925 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879126072 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879163027 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879200935 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879237890 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879275084 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879312038 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879349947 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879388094 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879426956 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879468918 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.879581928 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.879581928 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.879581928 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.879581928 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.879581928 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.920085907 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.920120001 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.921922922 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.930305004 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.930335045 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.930349112 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.930362940 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.930377007 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.930391073 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:09.930996895 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.930996895 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:09.930996895 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.210597038 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210767984 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210782051 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210794926 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210808992 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210820913 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210839987 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210853100 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210866928 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210886002 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210897923 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210902929 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210910082 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210917950 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210927963 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210932970 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210939884 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210946083 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210952044 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210957050 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.210968018 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.210968018 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.210968018 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.210968018 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.210968018 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211052895 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211067915 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211080074 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211091042 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211102962 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211114883 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211127996 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211139917 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211150885 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211159945 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211159945 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211159945 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211159945 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211163998 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211177111 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211189032 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211200953 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211213112 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211225986 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211240053 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.211755037 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211755037 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211755037 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211755037 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.211755991 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.248888969 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.248915911 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.248964071 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.249140024 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.249155998 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.249435902 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.256288052 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256328106 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256351948 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256413937 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.256417036 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256431103 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256453991 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256464958 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256484032 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256495953 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256508112 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256529093 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256541967 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256548882 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.256548882 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.256548882 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.256555080 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256571054 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.256632090 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.256632090 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.297703981 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536324024 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536353111 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536391020 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536405087 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536431074 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536444902 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536465883 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536473989 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536492109 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536516905 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536530972 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536540985 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536540985 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536540985 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536544085 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536560059 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536582947 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536596060 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536618948 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536633015 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536644936 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536648989 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536648989 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536648989 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536659956 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536681890 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536695957 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536719084 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536731958 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536746025 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536768913 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536770105 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536770105 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536783934 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536798000 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536802053 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536802053 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536813021 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536827087 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536840916 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536854029 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536875963 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536883116 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536883116 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536883116 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536890030 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536905050 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536916971 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536930084 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536942959 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536943913 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536943913 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.536957979 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536971092 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.536984921 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537005901 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537018061 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.537018061 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.537020922 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537046909 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537060022 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537071943 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537094116 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537106991 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537121058 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537143946 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537152052 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.537152052 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.537152052 CET4970816037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:39:10.537158012 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:39:10.537173033 CET1603749708206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:14.925636053 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:14.925705910 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:14.925721884 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:14.925746918 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.015506029 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.246807098 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246839046 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246855021 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246869087 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246891022 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246906996 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246943951 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246948004 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.246948004 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.246961117 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246978998 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.246984005 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.247004032 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.247010946 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.247051001 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247055054 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247093916 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247104883 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.247139931 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247180939 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.247265100 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247409105 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247459888 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247462988 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.247513056 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.247554064 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568187952 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568250895 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568284035 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568316936 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568348885 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568380117 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568414927 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568416119 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568416119 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568447113 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568447113 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568480968 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568481922 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568514109 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568538904 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568545103 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568577051 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568595886 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568608999 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568639994 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568651915 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.568671942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568701982 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.568718910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.609201908 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.895560026 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895623922 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895658970 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895690918 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895721912 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895720959 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.895759106 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895761967 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.895761967 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.895792007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895823002 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895836115 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.895854950 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895884991 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895906925 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.895916939 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.895961046 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.896039963 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.896075010 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.896106005 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.896121025 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.896174908 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.896204948 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.896220922 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:15.896235943 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:15.896282911 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217012882 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217068911 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217123985 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217205048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217240095 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217255116 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217272043 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217303991 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217315912 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217336893 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217367887 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217377901 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217397928 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217428923 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217441082 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217461109 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217494011 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217502117 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217617989 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217653036 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217663050 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217685938 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217716932 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217725039 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217789888 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217822075 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217833042 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.217852116 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.217895985 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.218094110 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.218158960 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.218192101 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.218203068 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.218223095 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.218260050 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.538769007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538796902 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538814068 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538827896 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538841963 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538861036 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.538885117 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538893938 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.538893938 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.538901091 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538933992 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.538965940 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.538980007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539015055 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.539690018 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539705992 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539742947 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.539793968 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539808989 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539822102 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539834976 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539840937 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.539849997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539863110 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539870024 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.539877892 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539896011 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539897919 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.539911032 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539926052 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.539932966 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.539959908 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860070944 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860093117 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860107899 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860121012 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860136986 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860158920 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860176086 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860208035 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860243082 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860250950 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860266924 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860280991 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860291004 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860318899 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860378027 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860404968 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860441923 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860656977 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860723972 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860760927 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860764980 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860826969 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860862970 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:16.860903978 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860919952 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:16.860958099 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181366920 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181420088 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181466103 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181477070 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181482077 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181495905 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181505919 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181509972 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181530952 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181571960 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181585073 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181600094 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181612968 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181619883 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181633949 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181690931 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181705952 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181729078 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181936979 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.181974888 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.181986094 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182053089 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182087898 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.182135105 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182151079 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182183027 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.182187080 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182203054 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182235003 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.182265997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182384968 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.182420969 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.502450943 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502480984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502495050 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502501965 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502509117 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502516031 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502530098 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502573967 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.502609015 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.502712965 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502777100 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502791882 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502804995 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502818108 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.502819061 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502844095 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.502847910 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502862930 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502876997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502882957 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.502891064 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.502912045 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.702950954 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.825747967 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825781107 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825798035 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825813055 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825828075 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825853109 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.825853109 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.825859070 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825876951 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.825927019 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825959921 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.825970888 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.825993061 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826025009 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826031923 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.826056957 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826088905 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826098919 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.826119900 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826150894 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826159954 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:17.826184034 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826215029 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:17.826227903 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.015465975 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.147573948 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147639036 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147671938 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147680998 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.147703886 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147716999 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.147744894 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147778034 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147793055 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.147809982 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147841930 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147857904 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.147872925 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.147916079 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.147999048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148032904 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148065090 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148077011 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.148106098 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148138046 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148144960 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.148169994 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148211956 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.148240089 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148305893 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148338079 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148345947 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.148370028 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.148380041 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.148410082 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.148432970 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.203109026 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.468972921 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469002962 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469017982 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469033957 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469048977 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469063997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469077110 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469119072 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469151020 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469192028 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469260931 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469278097 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469291925 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469310045 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469333887 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469337940 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469398022 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469413996 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469444036 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469471931 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469515085 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469542980 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469573975 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469614983 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469634056 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469707012 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469742060 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469748974 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469801903 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:18.469845057 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:18.469870090 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:23.930445910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:23.930499077 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:23.930540085 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:23.930555105 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:23.930596113 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:23.930632114 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:23.932198048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.251431942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.251461029 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.251471996 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.251630068 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:24.572639942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.572671890 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.572685003 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.572828054 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:24.718703985 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:24.893722057 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:24.893857002 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:25.214824915 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:25.312371016 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:25.582350016 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:25.582463980 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:25.909796000 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.231256962 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.231338024 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.552376986 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552422047 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552454948 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552488089 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552521944 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552552938 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552584887 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552591085 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.552591085 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.552615881 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552664995 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.552673101 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552762985 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.552767038 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552803040 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.552860975 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.552867889 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.553217888 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.553251028 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.553272963 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.703012943 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.873670101 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873733997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873768091 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873801947 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873832941 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873835087 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.873866081 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873871088 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.873872995 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.873924971 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873934984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.873956919 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.873965979 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874005079 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874006033 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.874412060 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874444962 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874454021 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.874480009 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874512911 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874522924 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.874546051 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874583006 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.874619007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874651909 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874689102 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:26.874717951 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874752045 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:26.874824047 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.194931984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.194962978 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.194973946 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.194986105 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.194998026 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195008039 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195046902 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195064068 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195087910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195108891 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195122004 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195122004 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195168018 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195178986 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195203066 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195257902 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195298910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195398092 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195417881 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195429087 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195456982 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195470095 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195507050 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195595980 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195678949 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195691109 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195718050 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195797920 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195811987 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195837021 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.195839882 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.195875883 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.515476942 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.515970945 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.515990973 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516001940 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516015053 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516025066 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516036987 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516052961 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.516081095 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.516105890 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516118050 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516146898 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.516197920 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516243935 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.516278028 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516294956 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516304970 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.516331911 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.703011036 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.836539030 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836601973 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836637974 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836673975 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836694956 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.836705923 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836734056 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.836734056 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.836739063 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836769104 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836781025 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.836802006 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836833000 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836863995 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836879969 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.836895943 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836927891 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836932898 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.836961985 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.836992025 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.837016106 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.837115049 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.837146997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.837161064 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.837218046 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.837249994 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.837254047 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:27.837282896 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:27.837321997 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.158111095 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158135891 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158147097 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158155918 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158168077 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158178091 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158183098 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158189058 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158226013 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158232927 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.158237934 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158261061 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.158277988 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.158312082 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158396006 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158433914 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.158477068 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158546925 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.158595085 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.158605099 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.202944040 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.479445934 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479475975 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479489088 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479501963 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479511023 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479521990 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479532957 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479543924 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479549885 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479569912 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.479569912 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.479661942 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.479662895 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479749918 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.479792118 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.480241060 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480253935 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480266094 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480285883 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480295897 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.480298042 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480310917 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480323076 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480326891 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.480334044 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480350971 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.480380058 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480386019 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.480392933 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.480432034 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.806550026 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806607962 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806643963 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.806663036 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806694984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806703091 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.806730032 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806761980 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806768894 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.806921959 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806953907 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.806961060 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.807019949 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807056904 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.807113886 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807208061 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807241917 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807250977 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.807312965 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807423115 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807468891 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807478905 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.807538033 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807549953 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.807655096 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807707071 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:28.807722092 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807928085 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807960987 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:28.807967901 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.015470028 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.127832890 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.127885103 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.127918959 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.127943993 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.127950907 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.127969027 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.127985001 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128017902 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128029108 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128051996 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128083944 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128097057 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128204107 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128237963 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128247976 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128303051 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128345966 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128400087 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128432035 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128477097 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128519058 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128551006 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128592968 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128695965 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128730059 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128762007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128773928 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128793955 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128825903 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128838062 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128859043 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.128901958 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.128953934 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.202971935 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449053049 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449080944 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449093103 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449104071 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449114084 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449170113 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449184895 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449212074 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449219942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449232101 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449254990 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449287891 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449320078 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449460030 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449558973 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449593067 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449603081 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449625015 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449661970 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449691057 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449799061 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449834108 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449846983 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449866056 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449906111 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.449960947 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.449994087 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.450023890 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.450037956 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.515465975 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.770452023 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770482063 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770493031 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770503998 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770509958 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770522118 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770531893 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770543098 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770553112 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770620108 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.770675898 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770703077 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.770714998 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:29.770790100 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770879984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770909071 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:29.770915985 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.266179085 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266191959 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.266211033 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266252041 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.266294956 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266328096 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266371012 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.266433954 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266544104 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266577005 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266587973 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.266609907 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266650915 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.266685009 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266822100 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266866922 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.266936064 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.266968012 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.267010927 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.586721897 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586747885 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586764097 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586777925 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586791992 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586810112 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.586810112 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.586837053 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586839914 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.586905956 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586920977 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.586949110 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.587021112 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587038040 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587074995 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.587214947 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587230921 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587258101 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587259054 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.587297916 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.587337017 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587482929 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587501049 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587515116 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587523937 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.587552071 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.587601900 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587646008 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.587687016 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.587708950 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.703016043 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.907907963 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.907968998 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908000946 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908035040 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908071041 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908077002 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908101082 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908116102 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908123970 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908133984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908164978 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908181906 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908195972 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908226967 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908241987 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908257961 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908288956 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908302069 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908319950 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908349991 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908364058 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908381939 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908423901 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908508062 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908581972 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908626080 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908644915 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908771992 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908804893 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908816099 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908837080 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908878088 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:34.908961058 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.908993006 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.909024954 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:34.909035921 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.015475988 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.239990950 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240021944 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240036011 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240051031 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240072966 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.240078926 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240093946 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240097046 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240097046 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.240098953 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240101099 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240215063 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.240303993 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240355015 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240396976 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.240439892 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240566015 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240577936 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240617037 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.240688086 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240731955 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.240763903 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240894079 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.240938902 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.241107941 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.241123915 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.241162062 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.241290092 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.241367102 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.241406918 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561186075 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561248064 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561280966 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561311960 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561345100 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561377048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561379910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561379910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561379910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561408997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561439991 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561471939 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561502934 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561534882 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561568975 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561614990 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561614990 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561614990 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561692953 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561739922 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.561795950 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561831951 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.561876059 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.883582115 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883608103 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883618116 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883626938 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883639097 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883649111 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883657932 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883667946 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883729935 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.883765936 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883769989 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.883780003 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883833885 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883900881 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.883936882 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.883936882 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:35.884022951 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:35.884063959 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.205509901 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.205539942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.205555916 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.205581903 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.205607891 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.205638885 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.205638885 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.205697060 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.205714941 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.205734015 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.205840111 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.205879927 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.205883026 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206026077 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206044912 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206060886 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206068039 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.206077099 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206098080 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.206121922 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206159115 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.206218958 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206305981 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206343889 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.206353903 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206408024 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.206445932 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.528367996 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528435946 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528466940 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528498888 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528532982 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528558969 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.528563976 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528592110 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.528592110 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.528597116 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528626919 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528644085 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.528657913 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528688908 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528709888 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.528721094 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528750896 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.528764009 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.528997898 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529030085 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529047012 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.529155016 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529186010 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529205084 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.529217005 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529247046 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529259920 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.529278994 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529310942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.529321909 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.703114986 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.851913929 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.851979017 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852010965 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852044106 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852077007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852082014 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852109909 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852112055 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852130890 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852142096 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852174997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852186918 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852205992 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852237940 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852248907 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852269888 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852300882 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852313042 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852334023 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852376938 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852457047 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852493048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852525949 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852540016 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852557898 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852588892 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852600098 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:36.852621078 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852653980 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:36.852663040 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.015486002 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.176409960 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176434994 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176493883 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176506996 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176517963 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176528931 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176570892 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.176645041 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176656008 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176675081 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.176675081 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.176686049 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.176753998 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176765919 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176809072 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.176922083 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176935911 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.176974058 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.177107096 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177119017 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177150011 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.177174091 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177186012 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177213907 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.177345037 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177357912 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177398920 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.177407980 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177419901 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177450895 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.177503109 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177520037 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177552938 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.177570105 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177581072 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.177611113 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.177767992 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.312374115 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.498977900 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499006033 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499017954 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499027967 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499037981 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499052048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499057055 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499063969 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499074936 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499085903 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499089003 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499089003 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499095917 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499106884 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499126911 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499233007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499274969 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499321938 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499335051 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499373913 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499381065 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499412060 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499447107 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499453068 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.499511003 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499535084 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.499551058 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.703129053 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:37.820167065 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.820230007 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.820262909 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.820295095 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:37.820327044 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.055538893 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.055550098 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.055572033 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.055593967 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.055689096 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.055702925 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.055738926 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.376482010 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376488924 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376493931 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376512051 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376523972 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376534939 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376545906 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376571894 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376574039 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.376605988 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.376653910 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376692057 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.376692057 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.499913931 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.697789907 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697815895 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697828054 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697839975 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697849989 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697860956 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697871923 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697882891 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697907925 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697935104 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.697957993 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.697967052 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.697967052 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.697967052 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.697977066 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.698014021 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.698038101 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.698055983 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.698081017 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.698124886 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.698173046 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.698184967 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.698223114 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:45.698277950 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:45.812329054 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019371986 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019392967 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019403934 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019412041 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019422054 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019433975 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019444942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019453049 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019463062 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019473076 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019473076 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019473076 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019483089 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019493103 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019503117 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019503117 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019536018 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019546032 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019593000 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019718885 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019736052 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019766092 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019798040 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019809008 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019840956 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.019864082 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019943953 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.019989014 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.340698004 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340720892 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340730906 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340740919 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340751886 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340761900 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340771914 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340780973 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340785980 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340826035 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.340852976 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.340924978 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.340924978 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.341276884 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.341311932 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.341356993 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.341370106 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.341382027 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.341424942 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.341439962 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.515430927 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.661916018 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.661947966 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.661963940 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.661977053 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.661988020 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.661999941 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662010908 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662072897 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662085056 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662133932 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662261963 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.662261963 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.662261963 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.662384033 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662396908 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662420034 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662466049 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662468910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.662516117 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662533045 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.662578106 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662641048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662645102 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.662655115 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.662709951 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.983311892 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983367920 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983381033 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983386993 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983392000 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983397961 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983403921 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983409882 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983414888 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983460903 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983473063 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983550072 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.983675003 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983715057 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.983745098 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983756065 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983793020 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.983808041 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983831882 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983851910 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:46.983922005 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:46.983962059 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.304430008 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304461002 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304472923 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304485083 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304496050 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304507971 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304553986 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304588079 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304661036 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304706097 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.304706097 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.304706097 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.304718018 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304732084 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304775953 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.304900885 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304945946 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.304955959 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.304969072 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.305006027 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.305006981 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.515455008 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.626918077 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.626990080 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627024889 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627062082 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627067089 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.627094030 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627103090 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.627126932 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627136946 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.627159119 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627191067 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627202988 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.627223969 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627254963 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627268076 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.627290010 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627322912 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.627332926 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.702941895 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.948959112 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949023962 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949057102 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949091911 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949115038 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.949115038 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.949126005 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949158907 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949165106 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.949198008 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949229956 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949239016 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.949263096 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949295044 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949302912 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.949326992 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.949362993 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.950201035 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950237036 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950269938 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950280905 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.950301886 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950333118 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950340986 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.950366020 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950408936 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:47.950416088 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950448036 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950479984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:47.950486898 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.015477896 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.273379087 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273420095 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273437977 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273456097 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273473978 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273489952 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273505926 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273514032 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273526907 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.273560047 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.273560047 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.273736000 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273791075 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273808002 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273829937 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.273864031 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.273901939 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.274075031 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.274092913 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.274130106 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.274132013 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.274149895 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.274164915 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.274179935 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.274199963 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.274216890 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.594544888 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594578981 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594594002 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594611883 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594626904 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594640970 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594660997 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594676018 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594705105 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594753027 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.594794989 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.594794989 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.594794989 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.594921112 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595419884 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595460892 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595484018 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.595498085 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595515966 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595532894 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595550060 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595551014 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.595566034 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595575094 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.595581055 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.595654964 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.915739059 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.915750027 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.915777922 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.915792942 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.915838003 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.915843964 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.915859938 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.915870905 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.915893078 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.915941954 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916016102 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916049004 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.916083097 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916208029 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916244030 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.916311026 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916327953 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916359901 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.916462898 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916479111 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916517973 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.916573048 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916655064 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916697025 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916699886 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.916749001 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916785955 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:48.916831017 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.916883945 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:48.917150021 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:49.237104893 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237128019 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237142086 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237155914 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237169981 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237185001 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237198114 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237211943 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237237930 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:49.237272024 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237287045 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237306118 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:49.237313032 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:49.237358093 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237397909 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:49.237523079 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237585068 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237600088 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237624884 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:49.237654924 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:49.237694979 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:49.237708092 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312347889 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.312469959 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312495947 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312506914 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312517881 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312529087 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312534094 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312545061 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312572956 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.312594891 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.312938929 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.312983990 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.313041925 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313055992 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313066006 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313100100 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.313311100 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313323975 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313333988 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313345909 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313358068 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.313374996 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.313378096 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313400984 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.313419104 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.515466928 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.633359909 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633385897 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633398056 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633409977 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633419991 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633430958 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633440971 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633467913 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633507013 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633555889 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.633555889 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.633555889 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.633639097 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633681059 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.633707047 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633805037 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633819103 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633843899 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.633868933 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.633910894 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.634030104 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.634100914 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.634125948 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.634139061 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.702945948 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.954667091 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954693079 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954704046 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954716921 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954726934 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954737902 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954778910 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954844952 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.954844952 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.954895020 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954963923 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954976082 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.954994917 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.955012083 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.955044031 CET4970616037192.168.2.5206.238.220.90
                  Feb 7, 2024 15:42:56.955059052 CET1603749706206.238.220.90192.168.2.5
                  Feb 7, 2024 15:42:56.955123901 CET4970616037192.168.2.5206.238.220.90
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Feb 7, 2024 15:38:57.309463024 CET | 55507 | 53 | 192.168.2.5 | 1.1.1.1
                  Feb 7, 2024 15:38:58.297538996 CET | 55507 | 53 | 192.168.2.5 | 1.1.1.1
                  Feb 7, 2024 15:38:58.442581892 CET | 53 | 55507 | 1.1.1.1 | 192.168.2.5
                  Feb 7, 2024 15:38:58.442606926 CET | 53 | 55507 | 1.1.1.1 | 192.168.2.5
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Feb 7, 2024 15:38:57.309463024 CET | 192.168.2.5 | 1.1.1.1 | 0xd4a7 | Standard query (0) | whois.pconline.com.cn | A (IP address) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.297538996 CET | 192.168.2.5 | 1.1.1.1 | 0xd4a7 | Standard query (0) | whois.pconline.com.cn | A (IP address) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Feb 7, 2024 15:38:58.442581892 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn | whois.pconline.com.cn.ctadns.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.442581892 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn.ctadns.cn |  | 14.29.101.168 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.442581892 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn.ctadns.cn |  | 14.29.101.169 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.442581892 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn.ctadns.cn |  | 14.29.101.160 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.442606926 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn | whois.pconline.com.cn.ctadns.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.442606926 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn.ctadns.cn |  | 14.29.101.168 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.442606926 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn.ctadns.cn |  | 14.29.101.169 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2024 15:38:58.442606926 CET | 1.1.1.1 | 192.168.2.5 | 0xd4a7 | No error (0) | whois.pconline.com.cn.ctadns.cn |  | 14.29.101.160 | A (IP address) | IN (0x0001) | false
                  • whois.pconline.com.cn
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.5 | 49707 | 14.29.101.168 | 80 | 7388 | C:\Program Files (x86)\msiexec.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Feb 7, 2024 15:38:58.804300070 CET | 103 | OUT | GET /ipJson.jsp HTTP/1.1
                  User-Agent: HTTPGET
                  Host: whois.pconline.com.cn
                  Cache-Control: no-cache
                  Feb 7, 2024 15:38:59.515779018 CET | 103 | OUT | GET /ipJson.jsp HTTP/1.1
                  User-Agent: HTTPGET
                  Host: whois.pconline.com.cn
                  Cache-Control: no-cache
                  Feb 7, 2024 15:39:00.540734053 CET | 581 | IN | HTTP/1.1 200 OK
                  Server: openresty
                  Date: Wed, 07 Feb 2024 14:39:00 GMT
                  Content-Type: text/html; charset=GBK
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Vary: Accept-Encoding
                  Cache-Control: no-cache
                  Age: 0
                  Ctl-Cache-Status: MISS from hb-wuhan9-ca05, MISS from gd-guangzhou8-ca20, MISS from gd-guangzhou8-ca26
                  Request-Id: 65c396037bc9a82f9994de67e3396409
                  Data Raw: 63 63 0d 0a 0a 0a 0a 0a 0a 69 66 28 77 69 6e 64 6f 77 2e 49 50 43 61 6c 6c 42 61 63 6b 29 20 7b 49 50 43 61 6c 6c 42 61 63 6b 28 7b 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 37 34 22 2c 22 70 72 6f 22 3a 22 22 2c 22 70 72 6f 43 6f 64 65 22 3a 22 39 39 39 39 39 39 22 2c 22 63 69 74 79 22 3a 22 22 2c 22 63 69 74 79 43 6f 64 65 22 3a 22 30 22 2c 22 72 65 67 69 6f 6e 22 3a 22 22 2c 22 72 65 67 69 6f 6e 43 6f 64 65 22 3a 22 30 22 2c 22 61 64 64 72 22 3a 22 20 c2 de c2 ed c4 e1 d1 c7 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 73 22 3a 22 22 2c 22 65 72 72 22 3a 22 6e 6f 70 72 6f 76 69 6e 63 65 22 7d 29 3b 7d 0a 0a 0a 0a 0d 0a
                  Data Ascii: ccif(window.IPCallBack) {IPCallBack({"ip":"81.181.57.74","pro":"","proCode":"999999","city":"","cityCode":"0","region":"","regionCode":"0","addr":" ","regionNames":"","err":"noprovince"});}
                  Feb 7, 2024 15:39:00.540767908 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0



                  Target ID:0
                  Start time:15:38:49
                  Start date:07/02/2024
                  Path:C:\Users\user\Desktop\C7jdH7geD6.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Users\user\Desktop\C7jdH7geD6.exe
                  Imagebase:0x400000
                  File size:147'456 bytes
                  MD5 hash:2498F71C2E68A551033E64C7BA1AB19A
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Target ID:2
                  Start time:15:38:55
                  Start date:07/02/2024
                  Path:C:\Program Files (x86)\msiexec.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Program Files (x86)\msiexec.exe" -Puppet
                  Imagebase:0x210000
                  File size:59'904 bytes
                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Antivirus matches:
                  • Detection: 0%, ReversingLabs
                  Reputation:moderate
                  Has exited:false

                  Target ID:3
                  Start time:15:39:04
                  Start date:07/02/2024
                  Path:C:\Windows\explorer.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\explorer.exe" "C:\Users\user\Documents\msedge.exe
                  Imagebase:0x7ff674740000
                  File size:5'141'208 bytes
                  MD5 hash:662F4F92FDE3557E86D110526BB578D5
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:4
                  Start time:15:39:04
                  Start date:07/02/2024
                  Path:C:\Windows\explorer.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                  Imagebase:0x7ff674740000
                  File size:5'141'208 bytes
                  MD5 hash:662F4F92FDE3557E86D110526BB578D5
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:5
                  Start time:15:39:06
                  Start date:07/02/2024
                  Path:C:\Users\user\Documents\msedge.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Documents\msedge.exe"
                  Imagebase:0x400000
                  File size:147'456 bytes
                  MD5 hash:2498F71C2E68A551033E64C7BA1AB19A
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Antivirus matches:
                  • Detection: 61%, ReversingLabs
                  Reputation:low
                  Has exited:true

                  Target ID:8
                  Start time:15:39:06
                  Start date:07/02/2024
                  Path:C:\Users\user\Documents\msedge.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Documents\msedge.exe"
                  Imagebase:0x400000
                  File size:147'456 bytes
                  MD5 hash:2498F71C2E68A551033E64C7BA1AB19A
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Target ID:10
                  Start time:15:39:12
                  Start date:07/02/2024
                  Path:C:\Program Files (x86)\msiexec.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Program Files (x86)\msiexec.exe" -Puppet
                  Imagebase:0x210000
                  File size:59'904 bytes
                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true


                    Execution Graph

                    Execution Coverage:2%
                    Dynamic/Decrypted Code Coverage:74.1%
                    Signature Coverage:25%
                    Total number of Nodes:525
                    Total number of Limit Nodes:19
40615->40633 40634 100140ec GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 40615->40634 40635 1001a356 DecodePointer 40615->40635 40618->40615 40627 10012dd8 40618->40627 40620 10012dec 40620->40516 40636 1001350d 66 API calls __getptd_noexit 40621->40636 40637 1001350d 66 API calls __getptd_noexit 40625->40637 40627->40620 40628->40516 40629->40518 40630->40521 40631->40524 40632->40615 40633->40615 40635->40615 40636->40625 40637->40627 40638->40614 40639->40620 40641 10005789 OutputDebugStringA CreateProcessA 40640->40641 40641->40530 40641->40531 40642->40560 40644 1000fad4 RegOpenKeyExA 40643->40644 40645 1000fb29 40644->40645 40646 1000faef RegQueryValueExA 40644->40646 40651 1000f960 SHGetFolderPathA GetModuleFileNameA 40645->40651 40647 1000fb08 RegCloseKey Sleep 40646->40647 40648 1000fb1f RegCloseKey 40646->40648 40647->40644 40648->40645 40652 10013478 swprintf 97 API calls 40651->40652 40653 1000f9b9 40652->40653 40654 10013478 swprintf 97 API calls 40653->40654 40655 1000f9d6 40654->40655 40674 1000e990 RegOpenKeyExA 40655->40674 40657 1000f9de 40658 1000f9e6 OutputDebugStringA RegOpenKeyExA 40657->40658 40659 1000faa8 40657->40659 40658->40659 40660 1000fa17 40658->40660 40661 10013318 ___strgtold12_l 5 API calls 40659->40661 40662 1000f710 129 API calls 40660->40662 40663 1000fab2 Sleep 40661->40663 40664 1000fa25 40662->40664 40663->40644 40665 1000f710 129 API calls 40664->40665 40666 1000fa35 40665->40666 40667 1000f710 129 API calls 40666->40667 40668 1000fa45 40667->40668 40669 1000f710 129 API calls 40668->40669 40670 1000fa55 40669->40670 40671 1000f710 129 API calls 40670->40671 40672 1000fa68 RegSetValueExA RegCloseKey 40671->40672 40672->40659 40675 1000e9b5 RegQueryValueExA 40674->40675 40676 1000e9ec 40674->40676 40677 1000e9e2 RegCloseKey 40675->40677 40678 1000e9d2 RegCloseKey 40675->40678 40676->40657 40677->40676 40678->40657 40679 4145ff __set_app_type __p__fmode __p__commode 40680 41466e 40679->40680 40681 414682 
40680->40681 40682 414676 __setusermatherr 40680->40682 40691 414776 _controlfp 40681->40691 40682->40681 40684 414687 _initterm __getmainargs _initterm 40685 4146db GetStartupInfoA 40684->40685 40687 41470f GetModuleHandleA 40685->40687 40692 4147b6 #1576 40687->40692 40690 414733 exit _XcptFilter 40691->40684 40692->40690

                    Control-flow Graph

                    APIs
                    • OutputDebugStringA.KERNEL32(PuppetProcess1,?,75919350,00000000), ref: 10005776
                    • _memset.LIBCMT ref: 10005784
                    • OutputDebugStringA.KERNEL32(PuppetProcess2,?,75919350,00000000), ref: 100057D8
                    • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?,?,75919350,00000000), ref: 100057FA
                    • _memset.LIBCMT ref: 10005817
                    • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,75919350,00000000), ref: 1000584B
                    • GetSystemWow64DirectoryA.KERNEL32(?,00000104,?,?,?,?,75919350,00000000), ref: 10005870
                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 10005884
                    • OutputDebugStringA.KERNEL32(dll run4,?,?,?,?,75919350,00000000), ref: 1000588F
                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?,?,?,?,?,75919350,00000000), ref: 100058CF
                    • swprintf.LIBCMT ref: 100058ED
                    • CopyFileA.KERNEL32(?,?,00000000), ref: 10005904
                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000214,00000000,00000000,00000044,?), ref: 1000592A
                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,75919350,00000000), ref: 1000593D
                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,75919350,00000000), ref: 10005946
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    • OutputDebugStringA.KERNELBASE(PuppetProcess3,?,75919350,00000000), ref: 10005960
                    • Wow64SuspendThread.KERNEL32(?,?,75919350,00000000), ref: 10005969
                    • OutputDebugStringA.KERNEL32(PuppetProcess4,?,75919350,00000000), ref: 10005974
                    • VirtualAllocEx.KERNELBASE(?,00000000,?,00003000,00000040,?,75919350,00000000), ref: 1000598C
                    • OutputDebugStringA.KERNELBASE(PuppetProcess5,?,75919350,00000000), ref: 1000599D
                    • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?,75919350,00000000), ref: 100059B6
                    • OutputDebugStringA.KERNEL32(PuppetProcess6,?,75919350,00000000), ref: 100059C5
                    • QueueUserAPC.KERNELBASE(00000000,?,00000000,?,75919350,00000000), ref: 100059D0
                    • ResumeThread.KERNELBASE(?,?,75919350,00000000), ref: 100059DD
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: DebugOutputString$ProcessSystem$CloseCreateDirectoryHandleThreadWow64_memset$AllocCopyFileFolderInfoMemoryNativePathQueueResumeSuspendUserVirtualWrite_mallocswprintf
                    • String ID: %s\msiexec.exe$D$PuppetProcess1$PuppetProcess2$PuppetProcess3$PuppetProcess4$PuppetProcess5$PuppetProcess6$\msiexec.exe$dll run4
                    • API String ID: 713210840-3220118345
                    • Opcode ID: c85be4a8d7405966dd36fde79b9034efe2c221ff62069eb80ab4b82814ae0c94
                    • Instruction ID: 4fe7f92186877ebd49fa7e8effbfb48cb66ca938e8ee60076195f9adaecebb7e
                    • Opcode Fuzzy Hash: c85be4a8d7405966dd36fde79b9034efe2c221ff62069eb80ab4b82814ae0c94
                    • Instruction Fuzzy Hash: B6714FB5900228AFEB15DB64CCC5EEAB7BCFB48240F508199F60DA7241DB719E858F60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000F5CB
                    • Thread32First.KERNEL32(00000000,?), ref: 1000F5E1
                    • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000F6C6
                    • CloseHandle.KERNEL32(00000000,00000004,00000000,FCCBADC3,00000000), ref: 1000F6D4
                    • std::_Xinvalid_argument.LIBCPMT ref: 1000F6FD
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 1000F740
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 1000F75A
                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000F77B
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,00000000), ref: 1000F7B5
                    • AdjustTokenPrivileges.ADVAPI32(?,00000001,00000001,00000010,00000000,00000000,?,00000000), ref: 1000F7C7
                    • GetLengthSid.ADVAPI32(?), ref: 1000F8D4
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 1000F8E8
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 1000F913
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000F92B
                    • CloseHandle.KERNEL32(?), ref: 1000F931
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 1000F949
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Token$AdjustCloseHandlePrivilegesProcess$OpenThread32$CreateFirstInformationLengthLookupNextPrivilegeSnapshotTerminateToolhelp32ValueXinvalid_argumentstd::_
                    • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
                    • API String ID: 4288883302-3994885262
                    • Opcode ID: 32f23fd64c626a467a6db5f7a1efcf90b74811ba8f8cadc8731902384e35d90b
                    • Instruction ID: a6d847a36596519ab9d5ea3f03e866710a041fd0a0d1da3b1017c35c2cc041b5
                    • Opcode Fuzzy Hash: 32f23fd64c626a467a6db5f7a1efcf90b74811ba8f8cadc8731902384e35d90b
                    • Instruction Fuzzy Hash: 33C16175A00209BBEB14DBA4DC85FAEB7BAEB48740F20491DF605FB285DB71AD418B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                      • Part of subcall function 10006240: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10006268
                      • Part of subcall function 10006240: Process32First.KERNEL32(00000000,00000128), ref: 10006277
                      • Part of subcall function 10006240: Process32Next.KERNEL32(00000000,00000128), ref: 1000629C
                      • Part of subcall function 10006240: FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000000), ref: 100062AE
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 1000F740
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 1000F75A
                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000F77B
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,00000000), ref: 1000F7B5
                    • AdjustTokenPrivileges.ADVAPI32(?,00000001,00000001,00000010,00000000,00000000,?,00000000), ref: 1000F7C7
                      • Part of subcall function 1000E910: LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 1000E92E
                      • Part of subcall function 1000E910: AdjustTokenPrivileges.ADVAPI32(00000001,00000000,1000F7D9,00000010,00000000,00000000), ref: 1000E96E
                    • GetLengthSid.ADVAPI32(?), ref: 1000F8D4
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 1000F8E8
                      • Part of subcall function 1000F580: CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000F5CB
                      • Part of subcall function 1000F580: Thread32First.KERNEL32(00000000,?), ref: 1000F5E1
                      • Part of subcall function 1000F580: Thread32Next.KERNEL32(00000000,0000001C), ref: 1000F6C6
                      • Part of subcall function 1000F580: CloseHandle.KERNEL32(00000000,00000004,00000000,FCCBADC3,00000000), ref: 1000F6D4
                      • Part of subcall function 1000EB40: PostThreadMessageA.USER32(00000101,00000002,00000101,?), ref: 1000EB6D
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 1000F913
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000F92B
                    • CloseHandle.KERNEL32(?), ref: 1000F931
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 1000F949
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Token$AdjustClosePrivileges$HandleProcess$CreateFirstLookupNextOpenPrivilegeProcess32SnapshotThread32Toolhelp32Value$ChangeFindInformationLengthMessageNotificationPostTerminateThread
                    • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
                    • API String ID: 2122055157-3151685581
                    • Opcode ID: 6e1bbc2b59bdc6ae47365c5862bf753b818b4d3e97a0db6c712d8272a1e1de11
                    • Instruction ID: 001512e3ad64c0709784f10a1ab430ef39029e0d1e7fb618c968bc69d7fb7263
                    • Opcode Fuzzy Hash: 6e1bbc2b59bdc6ae47365c5862bf753b818b4d3e97a0db6c712d8272a1e1de11
                    • Instruction Fuzzy Hash: 8B614F75A51209BBEB00DBE4DC86FEE7779EF44740F104918F604BB285DBB5AA418BA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • GetProcAddress.KERNEL32(76A80000,socket), ref: 00401848
                    • socket.WS2_32(00000002,00000001,00000006), ref: 00401850
                    • GetProcAddress.KERNEL32(76A80000,htons), ref: 00401872
                    • gethostbyname.WS2_32(?), ref: 0040187B
                    • GetProcAddress.KERNEL32(76A80000,connect), ref: 004018AD
                    • connect.WS2_32(?,?,00000010), ref: 004018BA
                    • LoadLibraryA.KERNEL32(KERNEL32.dll,ResetEvent), ref: 004018D1
                    • GetProcAddress.KERNEL32(00000000), ref: 004018D4
                    • LoadLibraryA.KERNEL32(KERNEL32.dll,WaitForSingleObject), ref: 004018E6
                    • GetProcAddress.KERNEL32(00000000), ref: 004018E9
                    • CreateThread.KERNELBASE(00000000,00000000,Function_00001920,?,00000000,00000000), ref: 00401909
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AddressProc$LibraryLoad$CreateThreadconnectgethostbynamesocket
                    • String ID: KERNEL32.dll$ResetEvent$WaitForSingleObject$connect$htons$socket
                    • API String ID: 2839651472-2857524910
                    • Opcode ID: 102c6dadecb3ef338d8ec8dd506c140c6a081260e066cc4f7fc83193acf7ddeb
                    • Instruction ID: 387dee4e97fb331f9596e694114a9e22afec7fff41cb22dbf11d981bbc5ef50e
                    • Opcode Fuzzy Hash: 102c6dadecb3ef338d8ec8dd506c140c6a081260e066cc4f7fc83193acf7ddeb
                    • Instruction Fuzzy Hash: 412162716403146FD210EBB8DC85FAA77A8EF88B10F108A1BF524972D0D7B4E9508BA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • GetProcAddress.KERNEL32(76A80000,recv), ref: 00401970
                    • recv.WS2_32(?,?,00001000,00000000), ref: 00401982
                    • Sleep.KERNELBASE(0000000A), ref: 004019AA
                    • Sleep.KERNEL32(0000000A), ref: 004019AE
                    • Sleep.KERNEL32(0000000A), ref: 004019B2
                    • Sleep.KERNEL32(0000000A), ref: 00401A05
                    • Sleep.KERNEL32(0000000A), ref: 00401A09
                    • Sleep.KERNEL32(0000000A), ref: 00401A0D
                    • Sleep.KERNEL32(0000000A), ref: 00401A11
                    • Sleep.KERNEL32(0000000A), ref: 00401A15
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Sleep$AddressProcrecv
                    • String ID: 206.238.220.90$recv
                    • API String ID: 3963906473-4120462157
                    • Opcode ID: 7a38ea14ec03c5f22c69c0c90547f8f0b55fc423a4b061f275ead1ea718936aa
                    • Instruction ID: f01c58629c36bfb75cba165c8fee6c0784862e88d9b097b3f31d3b7948aa4060
                    • Opcode Fuzzy Hash: 7a38ea14ec03c5f22c69c0c90547f8f0b55fc423a4b061f275ead1ea718936aa
                    • Instruction Fuzzy Hash: C531B4B1300704ABD210D775DC81FA77395EF84798F004A2EB2AA976D0DB74E905876A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00412D47
                    • Process32First.KERNEL32(00000000,?), ref: 00412D54
                    • _stricmp.MSVCRT(?,?), ref: 00412D70
                    • Process32Next.KERNEL32(00000000,?), ref: 00412D7F
                    • _stricmp.MSVCRT(?,?), ref: 00412D8E
                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00412D9C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Process32_stricmp$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                    • String ID:
                    • API String ID: 278970866-0
                    • Opcode ID: c13e37183406dd8e3f0ffaab0076a0e1563988e1bb0bd72b77ba9942039df16e
                    • Instruction ID: ac0d83fba27fc3bb0fd45f8fe66a4c9dcd8df36e6d6c8f85df889e401806c3c5
                    • Opcode Fuzzy Hash: c13e37183406dd8e3f0ffaab0076a0e1563988e1bb0bd72b77ba9942039df16e
                    • Instruction Fuzzy Hash: C301D67110131567D710EA62ED44EEB779CDFC6355F45042EFD00C2280EB6EE95983BA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • OutputDebugStringA.KERNEL32(dll run), ref: 1000FB8A
                    • OutputDebugStringA.KERNEL32(dll run2), ref: 1000FB91
                    • GetCommandLineW.KERNEL32(?), ref: 1000FBB7
                    • CommandLineToArgvW.SHELL32(00000000), ref: 1000FBBE
                    • _memset.LIBCMT ref: 1000FBDB
                    • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000FC9B
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000FCAF
                    • swprintf.LIBCMT ref: 1000FCCD
                    • CopyFileA.KERNEL32(?,?,00000000), ref: 1000FCE5
                    • SetFileAttributesA.KERNELBASE(?,00000002), ref: 1000FCF7
                    • CreateThread.KERNELBASE(00000000,00000000,1000FAC0,00000000,00000000,00000000), ref: 1000FD0C
                    • OutputDebugStringA.KERNELBASE(dll run3), ref: 1000FD1D
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000FD61
                    • OutputDebugStringA.KERNEL32(10027E04), ref: 1000FD82
                    • GetSystemDirectoryA.KERNEL32(00000000,00000104), ref: 1000FDB1
                    • OutputDebugStringA.KERNELBASE(dll run4), ref: 1000FDBC
                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000FDFF
                    • swprintf.LIBCMT ref: 1000FE1D
                    • CopyFileA.KERNEL32(00000000,?,00000000), ref: 1000FE35
                    • OutputDebugStringA.KERNELBASE(?), ref: 1000FE6B
                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 1000FEB9
                    • ExitProcess.KERNEL32 ref: 1000FEC1
                    • OutputDebugStringA.KERNEL32(dll run6), ref: 1000FED2
                    • __wcsicoll.LIBCMT ref: 1000FEDD
                    • __wcsicoll.LIBCMT ref: 1000FF12
                    • OutputDebugStringA.KERNEL32(dll run7), ref: 1000FF27
                    • GetSystemWow64DirectoryA.KERNEL32(00000000,00000104), ref: 1000FDA2
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    • GetSystemWow64DirectoryA.KERNEL32(00000000,00000104), ref: 1000FF65
                    • GetSystemDirectoryA.KERNEL32(00000000,00000104), ref: 1000FF74
                    • OutputDebugStringA.KERNEL32(dll run4), ref: 1000FF7F
                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000FFC2
                    • swprintf.LIBCMT ref: 1000FFE0
                    • CopyFileA.KERNEL32(00000000,?,00000000), ref: 1000FFF8
                    • OutputDebugStringA.KERNEL32(?), ref: 1001002E
                      • Part of subcall function 1000F4B0: WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,FCCBADC3,?,?), ref: 1000F54B
                      • Part of subcall function 1000F4B0: CloseHandle.KERNEL32(00000000,?,?,?,?,FCCBADC3,?,?), ref: 1000F552
                    • CloseHandle.KERNEL32(00000000), ref: 1001003A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: DebugOutputString$File$DirectorySystem$CloseCopyFolderPathswprintf$CommandHandleLineModuleNameWow64__wcsicoll$ArgvAttributesChangeCreateExitFindNotificationObjectProcessSingleThreadWait_malloc_memset
                    • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
                    • API String ID: 896217562-3018988614
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • GetInputState.USER32 ref: 00401724
                    • GetCurrentThreadId.KERNEL32 ref: 00401730
                    • PostThreadMessageA.USER32(00000000), ref: 00401737
                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00401747
                    • OutputDebugStringA.KERNELBASE(shibushizheli ,zhe SB huorong yeshi meishui l ), ref: 00401752
                    • Sleep.KERNELBASE(0000000A), ref: 00401760
                    • Sleep.KERNELBASE(0000000A), ref: 00401764
                    • Sleep.KERNEL32(0000000A), ref: 00401768
                    • Sleep.KERNEL32(0000000A), ref: 0040176C
                    • Sleep.KERNEL32(0000000A), ref: 00401770
                    • Sleep.KERNEL32(0000000A), ref: 00401774
                    • Sleep.KERNEL32(0000000A), ref: 00401778
                    • Sleep.KERNEL32(0000000A), ref: 0040177C
                    • Sleep.KERNEL32(0000000A), ref: 00401780
                    • Sleep.KERNEL32(0000000A), ref: 00401784
                    • Sleep.KERNEL32(0000000A), ref: 00401788
                    • Sleep.KERNEL32(0000000A), ref: 0040178C
                    • Sleep.KERNEL32(0000000A), ref: 00401790
                    • Sleep.KERNEL32(0000000A), ref: 00401794
                    • Sleep.KERNEL32(0000000A), ref: 00401798
                    • Sleep.KERNEL32(0000000A), ref: 0040179C
                    • _CxxThrowException.MSVCRT(?,00418658), ref: 004017B5
                    • _CxxThrowException.MSVCRT(?,00418658), ref: 004017D1
                    • _CxxThrowException.MSVCRT(?,00418658), ref: 004017ED
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Sleep$ExceptionThrow$MessageThread$CurrentDebugInputOutputPostStateString
                    • String ID: D$D$D$shibushizheli ,zhe SB huorong yeshi meishui l
                    • API String ID: 3257656576-1225827832
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000F982
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000F996
                    • swprintf.LIBCMT ref: 1000F9B4
                    • swprintf.LIBCMT ref: 1000F9D1
                      • Part of subcall function 1000E990: RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,1000F9DE,?,1000F9DE), ref: 1000E9AB
                      • Part of subcall function 1000E990: RegQueryValueExA.KERNELBASE(1000F9DE,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?,?,1000F9DE), ref: 1000E9C8
                      • Part of subcall function 1000E990: RegCloseKey.ADVAPI32(1000F9DE,?,1000F9DE), ref: 1000E9D6
                    • OutputDebugStringA.KERNELBASE(meiyou), ref: 1000F9EB
                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020006,?), ref: 1000FA09
                      • Part of subcall function 1000F710: OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 1000F740
                      • Part of subcall function 1000F710: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 1000F75A
                      • Part of subcall function 1000F710: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000F77B
                      • Part of subcall function 1000F710: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,00000000), ref: 1000F7B5
                      • Part of subcall function 1000F710: AdjustTokenPrivileges.ADVAPI32(?,00000001,00000001,00000010,00000000,00000000,?,00000000), ref: 1000F7C7
                      • Part of subcall function 1000F710: GetLengthSid.ADVAPI32(?), ref: 1000F8D4
                      • Part of subcall function 1000F710: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 1000F8E8
                      • Part of subcall function 1000F710: TerminateProcess.KERNEL32(00000000,00000000), ref: 1000F913
                      • Part of subcall function 1000F710: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000F92B
                      • Part of subcall function 1000F710: CloseHandle.KERNEL32(?), ref: 1000F931
                      • Part of subcall function 1000F710: CloseHandle.KERNEL32(00000000,?,00000000), ref: 1000F949
                    • RegSetValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000001,?,?), ref: 1000FA95
                    • RegCloseKey.ADVAPI32(?), ref: 1000FAA2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Token$CloseOpen$AdjustPrivilegesProcessValue$Handleswprintf$DebugFileFolderInformationLengthLookupModuleNameOutputPathPrivilegeQueryStringTerminate
                    • String ID: %s\msedge.exe$2345SafeTray.exe$360Tray.exe$HipsTray.exe$IsSystemUpgradeComponentRegistered$QQPCTray.exe$Software\Microsoft\Windows\CurrentVersion\Run$explorer "%s" $kxetray.exe$meiyou
                    • API String ID: 194492455-3482547359
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • RegOpenKeyA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,?), ref: 004015E9
                    • RegCloseKey.KERNELBASE(?), ref: 004015F4
                    • GetTickCount.KERNEL32 ref: 00401610
                    • GetTickCount.KERNEL32 ref: 0040162A
                    • LoadLibraryA.KERNEL32(KERNEL32.dll,VirtualAlloc), ref: 0040165F
                    • GetProcAddress.KERNEL32(00000000), ref: 00401666
                    • VirtualAlloc.KERNELBASE(00000000,0004DA78,00003000,00000040), ref: 0040167C
                    • CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401697
                    • OutputDebugStringA.KERNELBASE(worinimahuorong), ref: 004016A2
                    • GetInputState.USER32 ref: 004016A8
                    • GetCurrentThreadId.KERNEL32 ref: 004016B4
                    • PostThreadMessageA.USER32(00000000), ref: 004016BB
                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004016CC
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004016EB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Thread$CountMessageTick$AddressAllocCloseCreateCurrentDebugFileInputLibraryLoadModuleNameOpenOutputPostProcStateStringVirtual
                    • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$KERNEL32.dll$VirtualAlloc$worinimahuorong
                    • API String ID: 1017307383-2248002026
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • #1134.MFC42(00000000), ref: 004010CD
                    • #2621.MFC42 ref: 004010D7
                    • #6117.MFC42(Local AppWizard-Generated Applications), ref: 004010E3
                    • #4159.MFC42(00000000,Local AppWizard-Generated Applications), ref: 004010EC
                    • #823.MFC42(0000006C,00000000,Local AppWizard-Generated Applications), ref: 004010F3
                    • #520.MFC42(00000080,00416A38,00418268,004183B8), ref: 00401121
                    • #986.MFC42(00000000), ref: 00401135
                    • #296.MFC42(00000000), ref: 0040113E
                    • #5214.MFC42(?,00000000), ref: 00401152
                    • #5301.MFC42(?,?,00000000), ref: 0040115E
                    • #617.MFC42(?,?,00000000), ref: 00401173
                    • #6215.MFC42(00000005,?,?,00000000), ref: 0040118F
                    • UpdateWindow.USER32(?), ref: 0040119B
                    • #617.MFC42 ref: 004011AD
                    Strings
                    • Local AppWizard-Generated Applications, xrefs: 004010DC
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #617$#1134#2621#296#4159#520#5214#5301#6117#6215#823#986UpdateWindow
                    • String ID: Local AppWizard-Generated Applications
                    • API String ID: 3234569743-3869840320
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100055E6
                    • RegQueryValueExA.KERNELBASE(?,BITS,00000000,?,00000000,?,?,?), ref: 1000561C
                    • RegSetValueExA.KERNELBASE(?,BITS,00000000,00000001,?,?,?,?), ref: 10005662
                    • RegQueryValueExA.KERNELBASE(?,Host,00000000,?,00000000,?,?,?), ref: 1000568C
                    • RegSetValueExA.KERNELBASE(?,Host,00000000,00000001,10027616,00000001,?,?), ref: 100056B2
                    • RegCloseKey.KERNELBASE(?,?,?), ref: 100056BB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Value$Query$CloseCreate
                    • String ID: BITS$Host$SYSTEM\Setup
                    • API String ID: 2357964129-2174744495
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000FAE9
                    • RegQueryValueExA.KERNELBASE(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000FB02
                    • RegCloseKey.ADVAPI32(?), ref: 1000FB0C
                    • Sleep.KERNEL32(00000BB8), ref: 1000FB17
                    • RegCloseKey.KERNELBASE(?), ref: 1000FB23
                    • Sleep.KERNELBASE(00000BB8), ref: 1000FB33
                    Strings
                    • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000FADF
                    • IsSystemUpgradeComponentRegistered, xrefs: 1000FAF9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseSleep$OpenQueryValue
                    • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
                    • API String ID: 3341780449-3687489623
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • OutputDebugStringA.KERNELBASE(DLL_PROCESS_ATTACH,?,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1000EA17
                    • OutputDebugStringA.KERNEL32(DLL_THREAD_ATTACH,1002D0B0,0000000C,10014A2D,?), ref: 1000EA2B
                    • OutputDebugStringA.KERNEL32(DLL_PROCESS_DETACH,?,10014985,?,?,?,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1000EA3F
                    • OutputDebugStringA.KERNEL32(DLL_THREAD_DETACH), ref: 1000EA53
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: DebugOutputString
                    • String ID: DLL_PROCESS_ATTACH$DLL_PROCESS_DETACH$DLL_THREAD_ATTACH$DLL_THREAD_DETACH
                    • API String ID: 1166629820-2224134929
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • #4457.MFC42(?), ref: 0041312A
                    • #2120.MFC42(?,50002800,0000E800,?), ref: 0041314B
                    • #4163.MFC42(00000080,?,50002800,0000E800,?), ref: 0041315F
                      • Part of subcall function 00413020: #823.MFC42(0009B508), ref: 00413053
                      • Part of subcall function 00413020: Sleep.KERNEL32(000000FF), ref: 004130FE
                    • #2117.MFC42(?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 00413180
                    • #6000.MFC42(0041B65C,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 00413192
                    • #5871.MFC42(?,0041B65C,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004131A7
                    • #2626.MFC42(0000F000,?,0041B65C,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004131B3
                    • #2627.MFC42(0000F000,0000F000,?,0041B65C,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004131BF
                    • #2494.MFC42(?,00000000,00000000,0000F000,0000F000,?,0041B65C,00000004,?,50008200,0000E801,00000080,?,50002800,0000E800,?), ref: 004131CB
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2117#2120#2494#2626#2627#4163#4457#5871#6000#823Sleep
                    • String ID:
                    • API String ID: 3386160022-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • #823.MFC42(0009B508), ref: 00413053
                    • Sleep.KERNEL32(000000FF), ref: 004130FE
                      • Part of subcall function 004014B0: WSAStartup.WS2_32(00000202,?), ref: 004014D6
                      • Part of subcall function 004014B0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014E3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #823CreateEventSleepStartup
                    • String ID: 2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$kxetray.exe
                    • API String ID: 121733085-1482746000
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryA.KERNELBASE(?,00000000,00000072), ref: 025507FC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: LibraryLoad
                    • String ID: A$b$d$i$o$y
                    • API String ID: 1029625771-4132616007
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,1000F9DE,?,1000F9DE), ref: 1000E9AB
                    • RegQueryValueExA.KERNELBASE(1000F9DE,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?,?,1000F9DE), ref: 1000E9C8
                    • RegCloseKey.ADVAPI32(1000F9DE,?,1000F9DE), ref: 1000E9D6
                    • RegCloseKey.ADVAPI32(1000F9DE,?,1000F9DE), ref: 1000E9E6
                    Strings
                    • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000E9A1
                    • IsSystemUpgradeComponentRegistered, xrefs: 1000E9BF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Close$OpenQueryValue
                    • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
                    • API String ID: 1607946009-3687489623
                    • Opcode ID: 6441f0c648409d0b067b55eb74cd915cf81db3738894cadc01dfd56c8cda884f
                    • Instruction ID: 8dddabf930787e3843e7b5bbe15789e622b11357605daa8cdc69b2fd2da1617a
                    • Opcode Fuzzy Hash: 6441f0c648409d0b067b55eb74cd915cf81db3738894cadc01dfd56c8cda884f
                    • Instruction Fuzzy Hash: BAF01275900218FBEB00DFA09C8AEAAB7ACFB04205F200198FD0CE2141E7309E059760
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 025501C4
                    • VirtualProtect.KERNELBASE(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0255024A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Virtual$FreeProtect
                    • String ID: $@
                    • API String ID: 2581862158-1077428164
                    • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
                    • Instruction ID: fa8ddd7cf689d59b2328a6ba58eefc64d37b7b68c5f55212ec4da4ab7402ed2d
                    • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
                    • Instruction Fuzzy Hash: 71314BB06043029FD754CF14C5A4BABBBE6BFCC708F40890DE98A9B280D775E945CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10006268
                    • Process32First.KERNEL32(00000000,00000128), ref: 10006277
                    • Process32Next.KERNEL32(00000000,00000128), ref: 1000629C
                    • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000000), ref: 100062AE
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                    • String ID:
                    • API String ID: 3243318325-0
                    • Opcode ID: f16eeab1338c34a3cc79cd822764459de93c29bb11c3ba24120cee4fb5f24aed
                    • Instruction ID: 62871e3e9dfe9c9a798bfd966eee26c9fc07e1a64d0ec55501e3a49490f8260e
                    • Opcode Fuzzy Hash: f16eeab1338c34a3cc79cd822764459de93c29bb11c3ba24120cee4fb5f24aed
                    • Instruction Fuzzy Hash: 3901F235A002186BEB10DB758C41AEF77BDEF89390F1000A9FA448B100EE70EE558BE1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00409950: #303.MFC42(SysListView32,50800000), ref: 0040997C
                      • Part of subcall function 00409950: #540.MFC42 ref: 00409A05
                      • Part of subcall function 00409950: #384.MFC42 ref: 00409A35
                      • Part of subcall function 00409950: GetSysColor.USER32(00000008), ref: 00409A91
                      • Part of subcall function 00409950: GetSysColor.USER32(00000005), ref: 00409A9B
                      • Part of subcall function 00409950: GetSysColor.USER32(00000005), ref: 00409AA5
                      • Part of subcall function 00409950: GetSysColor.USER32(0000000D), ref: 00409AAF
                      • Part of subcall function 00409950: GetSysColor.USER32(00000003), ref: 00409AB9
                      • Part of subcall function 00409950: GetSysColor.USER32(0000000F), ref: 00409AC3
                      • Part of subcall function 00409950: #823.MFC42(00000008), ref: 00409AD3
                      • Part of subcall function 00409950: #472.MFC42(00000000,00000001,00C0C0C0), ref: 00409AF2
                      • Part of subcall function 00409950: #823.MFC42(00000008), ref: 00409B08
                    • #384.MFC42(?,?,?,00000000,00000000,00415B84,000000FF,0041347A,?,?,?,?,000000FF), ref: 004134F4
                    • #384.MFC42(?,?,?,00000000,00000000,00415B84,000000FF,0041347A,?,?,?,?,000000FF), ref: 00413506
                    • #2097.MFC42(00000086,00000010,00000000,00FF00FF,?,?,?,00000000,00000000,00415B84,000000FF,0041347A), ref: 00413526
                    • #2097.MFC42(00000087,0000000B,00000000,00FF00FF,00000086,00000010,00000000,00FF00FF,?,?,?,00000000,00000000,00415B84,000000FF,0041347A), ref: 0041353B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Color$#384$#2097#823$#303#472#540
                    • String ID:
                    • API String ID: 2181490445-0
                    • Opcode ID: 29f4ac23c1690f09d26eb63182f07699b1d4fd3231eca0645a2e1b0385f5a624
                    • Instruction ID: 89fb45fe4c2071a851428b1e97e892ae7d82a0e2483afdd1b32ce3a7f9a21fdf
                    • Opcode Fuzzy Hash: 29f4ac23c1690f09d26eb63182f07699b1d4fd3231eca0645a2e1b0385f5a624
                    • Instruction Fuzzy Hash: 9901D671384780ABE3149B198C43BAAB795EBC0B24F14091EF2A56B3D2CFFD64488795
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcAddress.KERNEL32(76A80000,send), ref: 0040159E
                    • send.WS2_32(?,?,?,00000000), ref: 004015B4
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AddressProcsend
                    • String ID: send
                    • API String ID: 1302106133-2809346765
                    • Opcode ID: c797711eeccbbf263ffd39fe7cf08c57f69a79196f229b4bd89e5974bd0e825e
                    • Instruction ID: 4daf9ce2245524506d73c1e8c45afb3364487535d6508f6b3c18bab879e96da4
                    • Opcode Fuzzy Hash: c797711eeccbbf263ffd39fe7cf08c57f69a79196f229b4bd89e5974bd0e825e
                    • Instruction Fuzzy Hash: 40D012767052106BD218DB65DC48ED77B9AEBC8710F05C51E794583294CA74EC40C7A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
                    • Instruction ID: 0d970f89240dfdc37a8152c25a4ef7f070b73f81b56bf5a162f9f788b6e92a4c
                    • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
                    • Instruction Fuzzy Hash: E341D4B23012106FE714EF68EC94B7B77A5FFC8366F10456AFE05C6281EB71D8018A65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #1576.MFC42(?,?,?,3GA,00414733,00000000,?,0000000A), ref: 004147C6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #1576
                    • String ID: 3GA
                    • API String ID: 1976119259-1737435679
                    • Opcode ID: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
                    • Instruction ID: 64daaf88f26ef97c6c8bb6becd2a0c264108a10e290944f86e69181dd9e0dfc0
                    • Opcode Fuzzy Hash: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
                    • Instruction Fuzzy Hash: 11B00836018396ABCB02EE91880196BBAA2BBD8714F484C5DB2E1010A587668468EB16
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WSAStartup.WS2_32(00000202,?), ref: 004014D6
                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014E3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CreateEventStartup
                    • String ID:
                    • API String ID: 1546077022-0
                    • Opcode ID: 3efa3c9e53877cacb2f1b15a2b419f3730826335c9a56968814b50a5d92463d4
                    • Instruction ID: 91a8951db7ea9210a047fe8bfa246d7e310d8ee4b68d40e88c47c2c0e07bf40c
                    • Opcode Fuzzy Hash: 3efa3c9e53877cacb2f1b15a2b419f3730826335c9a56968814b50a5d92463d4
                    • Instruction Fuzzy Hash: 11F01C71600710AFD3309F1ADC099A3FBE9EBC9710F41C92FB5A5C72A0D6B5A4488B61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #4464
                    • String ID:
                    • API String ID: 3032540595-0
                    • Opcode ID: 4cf209b73c1a3bb982e7a5cb3999b83735085a1745827cd6573442b5d4207249
                    • Instruction ID: 21cd8920725d6ea357c5e76af42f1b2ce35975f35c648836ca7945339c08b82f
                    • Opcode Fuzzy Hash: 4cf209b73c1a3bb982e7a5cb3999b83735085a1745827cd6573442b5d4207249
                    • Instruction Fuzzy Hash: DFE02B71F042104ADB28E5F99440FEF23889FA03247004E3FF524D31C1D678DC048299
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,1000FF55), ref: 100056EA
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: InfoNativeSystem
                    • String ID:
                    • API String ID: 1721193555-0
                    • Opcode ID: 0b79feaaf94b44499f65e8eab03cf42afb880760654aa391415821a4b1b5a84a
                    • Instruction ID: 82275566c3ccb2c877c6b173b1c4dc33355ad90b42e66e9507c950be521e0877
                    • Opcode Fuzzy Hash: 0b79feaaf94b44499f65e8eab03cf42afb880760654aa391415821a4b1b5a84a
                    • Instruction Fuzzy Hash: D7D0A729D0800DC7DB40EAF8AC051EBB3EDD708342F8001E2EC4D92644F6179CF296A5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VirtualAlloc.KERNELBASE(?,?,00001000,00000004,?,00000000,00000000,00000000,?,025504FC,?,?,00000000,?,?,?), ref: 02550121
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
                    • Instruction ID: 1f56fee7fc92b730cfedadfb3c82858aa55026b9798eb056d3f8538e9e545cca
                    • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
                    • Instruction Fuzzy Hash: FC2149B1600201AFE314CF18DC85B6AF7E9FF88355F14882EF98587281D7B1A895CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _strcat_s$DebugOutputString_memsetinet_ntoa$AddressHandleModuleProcgethostbynamegethostnameinet_addrwsprintf
                    • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
                    • API String ID: 776193317-3408092411
                    • Opcode ID: be27aeb44ff73eba3f52e61628ef864d682188e8a8401bcaa01d3749f7f223f4
                    • Instruction ID: e5d24219444de3dacda0878619b56530527954d980c908a6cf78b64f50aa726a
                    • Opcode Fuzzy Hash: be27aeb44ff73eba3f52e61628ef864d682188e8a8401bcaa01d3749f7f223f4
                    • Instruction Fuzzy Hash: 244259B19012A99BEB21CF64CC84ADDB7B9FB48300F5085E9E54DA7245DB30AF84CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00412D30: CreateToolhelp32Snapshot.KERNEL32 ref: 00412D47
                      • Part of subcall function 00412D30: Process32First.KERNEL32(00000000,?), ref: 00412D54
                      • Part of subcall function 00412D30: _stricmp.MSVCRT(?,?), ref: 00412D70
                      • Part of subcall function 00412D30: Process32Next.KERNEL32(00000000,?), ref: 00412D7F
                      • Part of subcall function 00412D30: _stricmp.MSVCRT(?,?), ref: 00412D8E
                      • Part of subcall function 00412D30: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00412D9C
                    • OpenProcess.KERNEL32(00001001,00000000,00000000), ref: 00412DD4
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?), ref: 00412DEF
                    • LookupPrivilegeValueA.ADVAPI32 ref: 00412E12
                    • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,?,00000010,?,?), ref: 00412E56
                    • AdjustTokenPrivileges.ADVAPI32(?,00000001,?,00000010,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00412E6A
                      • Part of subcall function 00412CD0: LookupPrivilegeValueA.ADVAPI32(00000000,?), ref: 00412CDF
                      • Part of subcall function 00412CD0: AdjustTokenPrivileges.ADVAPI32 ref: 00412D1F
                    • GetLengthSid.ADVAPI32 ref: 00412FA9
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 00412FBF
                      • Part of subcall function 00412B80: CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 00412BBC
                      • Part of subcall function 00412B80: Thread32First.KERNEL32 ref: 00412BD1
                      • Part of subcall function 00412B80: Thread32Next.KERNEL32(00000000,?), ref: 00412BFF
                      • Part of subcall function 00412B80: CloseHandle.KERNEL32(00000000), ref: 00412C09
                      • Part of subcall function 00412B80: #823.MFC42(?), ref: 00412C38
                      • Part of subcall function 00412B80: #825.MFC42(?), ref: 00412C6C
                      • Part of subcall function 00412C90: PostThreadMessageA.USER32(?,?,?,?), ref: 00412CC0
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 00412FEE
                    • CloseHandle.KERNEL32(?), ref: 00412FF9
                    • #825.MFC42(?), ref: 00413004
                    • CloseHandle.KERNEL32(00000000), ref: 0041300E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Token$Close$AdjustHandlePrivilegesProcess$#825CreateFirstLookupNextOpenPrivilegeProcess32SnapshotThread32Toolhelp32Value_stricmp$#823ChangeFindInformationLengthMessageNotificationPostTerminateThread
                    • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
                    • API String ID: 3792470745-3151685581
                    • Opcode ID: 6603eccb7058b188e5d331a02b700a657336be5a1835cc37f80808feb004cbec
                    • Instruction ID: 34130a73aad99ae7e4d70c696233a1789266318ead45eee4fe35950ef0d02828
                    • Opcode Fuzzy Hash: 6603eccb7058b188e5d331a02b700a657336be5a1835cc37f80808feb004cbec
                    • Instruction Fuzzy Hash: C4515471244304ABD220EB65CD86FDFB7E9AFD8B44F00490DB644962C1D7F9D5848BEA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___getlocaleinfo.LIBCMT ref: 100162A5
                      • Part of subcall function 1001BD65: ___crtGetLocaleInfoA.LIBCMT ref: 1001BDAF
                      • Part of subcall function 1001BD65: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 1001BDBD
                      • Part of subcall function 1001BD65: ___crtGetLocaleInfoA.LIBCMT ref: 1001BDD6
                      • Part of subcall function 1001BD65: __calloc_crt.LIBCMT ref: 1001BDEB
                      • Part of subcall function 1001BD65: ___crtGetLocaleInfoA.LIBCMT ref: 1001BE11
                      • Part of subcall function 1001BD65: __calloc_crt.LIBCMT ref: 1001BE22
                      • Part of subcall function 1001BD65: _free.LIBCMT ref: 1001BE3A
                    • __malloc_crt.LIBCMT ref: 100162B7
                    • __calloc_crt.LIBCMT ref: 100162C7
                    • __calloc_crt.LIBCMT ref: 100162D2
                    • __calloc_crt.LIBCMT ref: 100162DD
                    • __calloc_crt.LIBCMT ref: 100162EC
                    • GetCPInfo.KERNEL32(?,?), ref: 1001633F
                    • ___crtGetStringTypeA.LIBCMT ref: 100163AD
                    • ___crtLCMapStringA.LIBCMT ref: 100163E0
                    • ___crtLCMapStringA.LIBCMT ref: 1001640D
                      • Part of subcall function 10016856: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10016864
                      • Part of subcall function 10016856: __crtLCMapStringA_stat.LIBCMT ref: 10016885
                    • _memmove.LIBCMT ref: 100164B8
                    • _memmove.LIBCMT ref: 100164C7
                    • _memmove.LIBCMT ref: 100164D9
                    • InterlockedDecrement.KERNEL32(?), ref: 100164EC
                    • _free.LIBCMT ref: 10016502
                    • _free.LIBCMT ref: 10016515
                    • _free.LIBCMT ref: 10016523
                    • _free.LIBCMT ref: 1001652E
                    • _free.LIBCMT ref: 10016575
                    • _free.LIBCMT ref: 10016582
                    • _free.LIBCMT ref: 1001658A
                    • _free.LIBCMT ref: 10016592
                    • _free.LIBCMT ref: 1001659A
                    • InterlockedDecrement.KERNEL32(?), ref: 100165B2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$___crt__calloc_crt$Locale$InfoString$_memmove$DecrementInterlocked$A_statErrorLastTypeUpdateUpdate::____getlocaleinfo__crt__malloc_crt
                    • String ID:
                    • API String ID: 3735425427-0
                    • Opcode ID: 130996ad7d826d3a04d8ce3ff1fe59be9424673413eb52d5fc119984d41d6950
                    • Instruction ID: d91d60ed5cf3d75e05420494dd8eeb4273f4428b60a929caa53269e9adb79b93
                    • Opcode Fuzzy Hash: 130996ad7d826d3a04d8ce3ff1fe59be9424673413eb52d5fc119984d41d6950
                    • Instruction Fuzzy Hash: 82B137B1D006499BDB10CFA8CC91BEEBBF9FF18340F50416DE456AB251DA75E9818B20
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___getlocaleinfo.LIBCMT ref: 02567EA9
                      • Part of subcall function 0256D969: ___crtGetLocaleInfoA.LIBCMT ref: 0256D9B3
                      • Part of subcall function 0256D969: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 0256D9C1
                      • Part of subcall function 0256D969: ___crtGetLocaleInfoA.LIBCMT ref: 0256D9DA
                      • Part of subcall function 0256D969: __calloc_crt.LIBCMT ref: 0256D9EF
                      • Part of subcall function 0256D969: ___crtGetLocaleInfoA.LIBCMT ref: 0256DA15
                      • Part of subcall function 0256D969: __calloc_crt.LIBCMT ref: 0256DA26
                      • Part of subcall function 0256D969: _free.LIBCMT ref: 0256DA3E
                    • __malloc_crt.LIBCMT ref: 02567EBB
                    • __calloc_crt.LIBCMT ref: 02567ECB
                    • __calloc_crt.LIBCMT ref: 02567ED6
                    • __calloc_crt.LIBCMT ref: 02567EE1
                    • __calloc_crt.LIBCMT ref: 02567EF0
                    • GetCPInfo.KERNEL32(?,?), ref: 02567F43
                    • ___crtGetStringTypeA.LIBCMT ref: 02567FB1
                    • ___crtLCMapStringA.LIBCMT ref: 02567FE4
                    • ___crtLCMapStringA.LIBCMT ref: 02568011
                      • Part of subcall function 0256845A: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02568468
                      • Part of subcall function 0256845A: __crtLCMapStringA_stat.LIBCMT ref: 02568489
                    • InterlockedDecrement.KERNEL32(?), ref: 025680F0
                    • _free.LIBCMT ref: 02568106
                    • _free.LIBCMT ref: 02568119
                    • _free.LIBCMT ref: 02568127
                    • _free.LIBCMT ref: 02568132
                    • _free.LIBCMT ref: 02568179
                    • _free.LIBCMT ref: 02568186
                    • _free.LIBCMT ref: 0256818E
                    • _free.LIBCMT ref: 02568196
                    • _free.LIBCMT ref: 0256819E
                    • InterlockedDecrement.KERNEL32(?), ref: 025681B6
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$___crt__calloc_crt$Locale$InfoString$DecrementInterlocked$A_statErrorLastTypeUpdateUpdate::____getlocaleinfo__crt__malloc_crt
                    • String ID:
                    • API String ID: 640359803-0
                    • Opcode ID: 0342bf45c1e72bd3f7c087441fe7b87e90c6b595453205f0bbe91f0408403c9b
                    • Instruction ID: a1f44570aae3e9289ed82d94a21db07175325ebbab37e5865914a263d787760c
                    • Opcode Fuzzy Hash: 0342bf45c1e72bd3f7c087441fe7b87e90c6b595453205f0bbe91f0408403c9b
                    • Instruction Fuzzy Hash: E2B159B1D00249AFDB20DFA4C898BFEBBB6FF48304F084569E555A7250D775A849CF28
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __calloc_crt$String___crt_memmove$DecrementInterlocked$InfoType___getlocaleinfo__malloc_crt_free
                    • String ID:
                    • API String ID: 2650972540-0
                    • Opcode ID: 637198b4ec7070fdc7e696fd204dad5dc33ad02778921e8140bad978bfeb01c1
                    • Instruction ID: 82ae8f1af846346d75f768046ec2c03703c341376782d131d5ecaf47229ad95b
                    • Opcode Fuzzy Hash: 637198b4ec7070fdc7e696fd204dad5dc33ad02778921e8140bad978bfeb01c1
                    • Instruction Fuzzy Hash: B5B159B1D00245AFDB15CFA8CC91AEEBBF9FF09340F044169E855AB251E775E985CB20
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memset.LIBCMT ref: 02557388
                    • _memset.LIBCMT ref: 0255741B
                    • GetNativeSystemInfo.KERNEL32(?), ref: 0255744F
                    • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 02557474
                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 02557488
                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 025574D3
                    • swprintf.LIBCMT ref: 025574F1
                    • CopyFileA.KERNEL32(?,?,00000000), ref: 02557508
                      • Part of subcall function 02564AB8: _malloc.LIBCMT ref: 02564AD2
                    • SuspendThread.KERNEL32(?), ref: 0255756D
                    • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 02557590
                    • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 025575BA
                    • QueueUserAPC.KERNEL32(00000000,?,00000000), ref: 025575D4
                    • ResumeThread.KERNEL32(?), ref: 025575E1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: System$DirectoryThread_memset$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write_mallocswprintf
                    • String ID: D$\msiexec.exe
                    • API String ID: 477358041-2685333904
                    • Opcode ID: 3ca8eea134f9c1ba044dfa25fbb249b40dbf8b0ed795f6cb11e04231520831b3
                    • Instruction ID: a63a20419a47539706f0a5791f076d325f921cacbb07eaadb19000798aaa96c4
                    • Opcode Fuzzy Hash: 3ca8eea134f9c1ba044dfa25fbb249b40dbf8b0ed795f6cb11e04231520831b3
                    • Instruction Fuzzy Hash: F3712DB5900228AFDB25DB68CCC4EEABBBDFB48700F50459AF60993240D7709E85CF64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __calloc_crt$String___crt$DecrementInterlocked$InfoType___getlocaleinfo__malloc_crt_free
                    • String ID:
                    • API String ID: 3586313819-0
                    • Opcode ID: 854056f3d148af244be448574be6bf7e344e7ca825e34d1f49bf5974a63fde05
                    • Instruction ID: 7feff7cb92bdf23d8d05292132cb2595a7ea798e79c887189714c2feb209a961
                    • Opcode Fuzzy Hash: 854056f3d148af244be448574be6bf7e344e7ca825e34d1f49bf5974a63fde05
                    • Instruction Fuzzy Hash: DDB18EB1D00205AFDB24DFA4C889AFEBBFAFF49304F084569E445AB240D7759849CF28
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #1146.MFC42(?,000000F1,?,75AE3E40), ref: 004123AE
                    • FindResourceA.KERNEL32(00000000,?,000000F1), ref: 004123C9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #1146FindResource
                    • String ID:
                    • API String ID: 2445269050-0
                    • Opcode ID: ffc115211839e8094d04c32df71332389ee12ee093c609dca55173f78c44b5dc
                    • Instruction ID: 89a5af29b53ce2b8d1d89f80fb328721d342bd8aa7357860b3b509948a85efbc
                    • Opcode Fuzzy Hash: ffc115211839e8094d04c32df71332389ee12ee093c609dca55173f78c44b5dc
                    • Instruction Fuzzy Hash: CD41B1B1204701ABC724EF24DD85AFBB7A8FB88704F00892EF456C3641D778E8998669
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FreeLibrary.KERNEL32 ref: 100061C1
                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 100061D0
                    • HeapFree.KERNEL32(00000000), ref: 100061D7
                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 100061ED
                    • GetProcessHeap.KERNEL32(00000000,?), ref: 100061F6
                    • HeapFree.KERNEL32(00000000), ref: 100061FD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: FreeHeap$Process$LibraryVirtual
                    • String ID:
                    • API String ID: 3521805120-0
                    • Opcode ID: 6c60abcbb7f15660c0cb4d894f03a0efabfed699cfbdf7f93e4cc5ebbe665d55
                    • Instruction ID: ab8f8c989d245fe999202e0e9041d0308e1e77d3717950ffb5f6d33281dcd951
                    • Opcode Fuzzy Hash: 6c60abcbb7f15660c0cb4d894f03a0efabfed699cfbdf7f93e4cc5ebbe665d55
                    • Instruction Fuzzy Hash: 4F113A31640711EBE320CF69CC88F9673E9FF487A1F248918E55A87691C774F845CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,1001FF9A,?,10017082,?,000000BC,?,00000001,00000000,00000000), ref: 1001F99C
                    • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,1001FF9A,?,10017082,?,000000BC,?,00000001,00000000,00000000), ref: 1001F9C5
                    • GetACP.KERNEL32(?,?,1001FF9A,?,10017082,?,000000BC,?,00000001,00000000), ref: 1001F9D9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: InfoLocale
                    • String ID: ACP$OCP
                    • API String ID: 2299586839-711371036
                    • Opcode ID: 491266079f437c8fbbcd45c1d489433a032ce1676e32afca9054cb90d6cae702
                    • Instruction ID: 66f10a637569bc53348c48ff2910bc2cead57e255dbd34cf67e3115380e46fb5
                    • Opcode Fuzzy Hash: 491266079f437c8fbbcd45c1d489433a032ce1676e32afca9054cb90d6cae702
                    • Instruction Fuzzy Hash: 3801A23150124ABEEB12EB64EC05FAE76E8EF6129CF204559F501EA080EB30DEC1C695
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsDebuggerPresent.KERNEL32 ref: 1001AAF7
                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1001AB0C
                    • UnhandledExceptionFilter.KERNEL32(10029608), ref: 1001AB17
                    • GetCurrentProcess.KERNEL32(C0000409), ref: 1001AB33
                    • TerminateProcess.KERNEL32(00000000), ref: 1001AB3A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                    • String ID:
                    • API String ID: 2579439406-0
                    • Opcode ID: 6a881fe8cb7c5e5542c239f80e5110abca43d2fb5d8ba0c6c86e1b5e24365845
                    • Instruction ID: 7149d19dc191ad5fb8836a44bb6f92b9ee7dd77ceb520bbe04e4686671f3c52f
                    • Opcode Fuzzy Hash: 6a881fe8cb7c5e5542c239f80e5110abca43d2fb5d8ba0c6c86e1b5e24365845
                    • Instruction Fuzzy Hash: 5121CBB8804224DFF342DF69DDC46843BF4FB0D344FA0511AE5098A262EB709982CF59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsDebuggerPresent.KERNEL32 ref: 0256C6FB
                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0256C710
                    • UnhandledExceptionFilter.KERNEL32(10029608), ref: 0256C71B
                    • GetCurrentProcess.KERNEL32(C0000409), ref: 0256C737
                    • TerminateProcess.KERNEL32(00000000), ref: 0256C73E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                    • String ID:
                    • API String ID: 2579439406-0
                    • Opcode ID: 6a881fe8cb7c5e5542c239f80e5110abca43d2fb5d8ba0c6c86e1b5e24365845
                    • Instruction ID: 39618ffc47ee97668df40c17ad924924339b9568c27d4e5e39121f0093160c37
                    • Opcode Fuzzy Hash: 6a881fe8cb7c5e5542c239f80e5110abca43d2fb5d8ba0c6c86e1b5e24365845
                    • Instruction Fuzzy Hash: 8221DDB8804224DFF702EF29DDC86943BF4FB0C744F60515AE9088B262EB709986CF59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,02571B9E,?,02568C86,?,000000BC,?,00000001,00000000,00000000), ref: 025715A0
                    • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,02571B9E,?,02568C86,?,000000BC,?,00000001,00000000,00000000), ref: 025715C9
                    • GetACP.KERNEL32(?,?,02571B9E,?,02568C86,?,000000BC,?,00000001,00000000), ref: 025715DD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: InfoLocale
                    • String ID:
                    • API String ID: 2299586839-0
                    • Opcode ID: ccab5c62d83a393441a15e7c656f117d896fd5358a2f9bd8f04aca27e482609c
                    • Instruction ID: 2cf0384ab59b1b8605ab806d9f8b8c392426eeaee9eedce75eeea49f87f52e73
                    • Opcode Fuzzy Hash: ccab5c62d83a393441a15e7c656f117d896fd5358a2f9bd8f04aca27e482609c
                    • Instruction Fuzzy Hash: 7601D430545A06BAFB258B65FD08FAA7BA9BF4135CF208115E506E1080EF60CB41CF98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID: [RO] %ld bytes
                    • API String ID: 4104443479-772938740
                    • Opcode ID: e0c1aa5f89a2a5d75a6ddfe841fd26862926ee50a281b9f5a75c4a6d174af08b
                    • Instruction ID: f7b99461319b4c590f02748c45368805afce105408f8592e2d90c3a33bb6ba1c
                    • Opcode Fuzzy Hash: e0c1aa5f89a2a5d75a6ddfe841fd26862926ee50a281b9f5a75c4a6d174af08b
                    • Instruction Fuzzy Hash: DE222874A00B059FEB64CF69C584A9ABBF1FF48344F108A6DD89A87755D730E981CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 10005B20: LoadLibraryA.KERNEL32(?), ref: 10005B5A
                      • Part of subcall function 10005B20: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 10005B6E
                      • Part of subcall function 10005B20: GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005B78
                      • Part of subcall function 10005B20: GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005B83
                      • Part of subcall function 10005B20: GetCurrentProcess.KERNEL32(00000028,?), ref: 10005B8E
                    • ExitWindowsEx.USER32(?,00000000), ref: 10005C48
                      • Part of subcall function 10005B20: LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 10005BE7
                      • Part of subcall function 10005B20: GetProcAddress.KERNEL32(00000000,GetLastError), ref: 10005BF3
                      • Part of subcall function 10005B20: CloseHandle.KERNEL32(?), ref: 10005C06
                      • Part of subcall function 10005B20: FreeLibrary.KERNEL32(00000000), ref: 10005C11
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AddressProc$Library$Load$CloseCurrentExitFreeHandleProcessWindows
                    • String ID: SeShutdownPrivilege
                    • API String ID: 4031274050-3733053543
                    • Opcode ID: 0be445765da66e89a0f1ca7051a07f18352b09039be0fa8ab544a4238580fcb3
                    • Instruction ID: 1eff40dbe414380571019fb0aa9aa5d5938c32b0c8c48d74f42354030ea49320
                    • Opcode Fuzzy Hash: 0be445765da66e89a0f1ca7051a07f18352b09039be0fa8ab544a4238580fcb3
                    • Instruction Fuzzy Hash: AED0123558420C77E510B794BC4BFD6360CEB00647F9000E0FB0C5D182D793715402F6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 1000E92E
                    • AdjustTokenPrivileges.ADVAPI32(00000001,00000000,1000F7D9,00000010,00000000,00000000), ref: 1000E96E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                    • String ID:
                    • API String ID: 3615134276-0
                    • Opcode ID: 0798eff6e48f1600c1c0418825acd5fb291d92554964173078dfa41fda3caace
                    • Instruction ID: 7caae709a407b9f1505be0cdedb457f8de58470d62c496aff4391b54ba07c57f
                    • Opcode Fuzzy Hash: 0798eff6e48f1600c1c0418825acd5fb291d92554964173078dfa41fda3caace
                    • Instruction Fuzzy Hash: D4012571A5011DEFDB04DFA4C846BEEB7F4EB04704F504159E919AB280DB706A058B95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 02560532
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 02560572
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                    • String ID:
                    • API String ID: 3615134276-0
                    • Opcode ID: 4e23d8f432a70fe492109b2c9ec3089768d280fccb020b0718a000c0432d9421
                    • Instruction ID: 33fea4bd76e655546e4d0c17b3ab8d8975875ca3b9e64c8e88b309796da037c8
                    • Opcode Fuzzy Hash: 4e23d8f432a70fe492109b2c9ec3089768d280fccb020b0718a000c0432d9421
                    • Instruction Fuzzy Hash: C101E171A5011DEFEB14DFE8C845BFEB7B8FB48704F504159E909A7280D7B06A058B95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LookupPrivilegeValueA.ADVAPI32(00000000,?), ref: 00412CDF
                    • AdjustTokenPrivileges.ADVAPI32 ref: 00412D1F
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                    • String ID:
                    • API String ID: 3615134276-0
                    • Opcode ID: 4a250ecc22cf0ffcb0694af0f0bf5370ef49dc9507b186582672f2738459fde4
                    • Instruction ID: 7ccd993842bf932fc9a008b6df499679fe58eb863eb2ae8e53557319e04d1d9d
                    • Opcode Fuzzy Hash: 4a250ecc22cf0ffcb0694af0f0bf5370ef49dc9507b186582672f2738459fde4
                    • Instruction Fuzzy Hash: 28F03070248301AFE300DF64CC45B5BBBE4BB88B04F404A5CF68CD6290E7B4E5448B56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PostThreadMessageA.USER32(00000101,00000002,00000101,?), ref: 1000EB6D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessagePostThread
                    • String ID:
                    • API String ID: 1836367815-0
                    • Opcode ID: 11e354dd6696dc1808df84fafb852fa7e7bfb7e775f55fc3491965b9fdefb1cc
                    • Instruction ID: 094f5a96cc508b76a65643899135c0630995aa741e6e844ce3bf49de733cda1e
                    • Opcode Fuzzy Hash: 11e354dd6696dc1808df84fafb852fa7e7bfb7e775f55fc3491965b9fdefb1cc
                    • Instruction Fuzzy Hash: BFF0B475201216AF8B14DE99D894C6BF768FF846517014218FD1A43300C730FC11CAE0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 02557724: LoadLibraryA.KERNEL32(?), ref: 0255775E
                      • Part of subcall function 02557724: GetCurrentProcess.KERNEL32(00000028,?), ref: 02557792
                    • ExitWindowsEx.USER32(?,00000000), ref: 0255784C
                      • Part of subcall function 02557724: LoadLibraryA.KERNEL32(100276E0), ref: 025577EB
                      • Part of subcall function 02557724: CloseHandle.KERNEL32(?), ref: 0255780A
                      • Part of subcall function 02557724: FreeLibrary.KERNEL32(00000000), ref: 02557815
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Library$Load$CloseCurrentExitFreeHandleProcessWindows
                    • String ID:
                    • API String ID: 1803421334-0
                    • Opcode ID: 0be445765da66e89a0f1ca7051a07f18352b09039be0fa8ab544a4238580fcb3
                    • Instruction ID: 9b3f3b5d1a2fe39f84611ee3501d0e795808fad2e5e0ef41b04564514f33a253
                    • Opcode Fuzzy Hash: 0be445765da66e89a0f1ca7051a07f18352b09039be0fa8ab544a4238580fcb3
                    • Instruction Fuzzy Hash: 92D0A93059020937D910A2D0BC02F883248AB00741F4000E0FF0C1D180D792645005EA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 48ee870ba4078dae6936087f58f6a85787dd3d400a9336bf38167fdeaef2e0b4
                    • Instruction ID: 286bf9b1d3c78338e11b45bc6d2ee98f7d9b2882c096cc67560ba82bdfef4a4b
                    • Opcode Fuzzy Hash: 48ee870ba4078dae6936087f58f6a85787dd3d400a9336bf38167fdeaef2e0b4
                    • Instruction Fuzzy Hash: 57223670A00B15DFCB24CF69C590AAABBF1FF88304F148A6ED95A87751D730E981CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                    • Instruction ID: 349ba43cbf073cd48c10ef6ef327ef9482841966867986e9438910b067115193
                    • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                    • Instruction Fuzzy Hash: 47C14F73D0A5B3858776852D482822FFAE2AF81A8631FC795DCD03F189C633ED8596D0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                    • Instruction ID: b5c50a1b15c94c5740a90ddea2baa9a16947a09b8803da44711fb61f7f87f499
                    • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                    • Instruction Fuzzy Hash: D2C17D73D1A5F2058B76862E441C33AEFB2BE81A4831F8795DCE03F18AD3266E05D6D4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                    • Instruction ID: 01d78f250e85f3f5d493e05d08c2d40f54dfd6786a8bb0840cce9037bfe7672a
                    • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                    • Instruction Fuzzy Hash: E8C14173D1A5F3898766852D486822FFAE2AF81A8631F8395DCD03F189C233ED8595D0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                    • Instruction ID: b8ac298eff534d82965cedf34a2b10a1aa4d996a4d31008c0b0b0eb567a050ea
                    • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                    • Instruction Fuzzy Hash: 65C16E73D0A5F2468B36862E441C23EEFB2BE81A4931F8795DCD03F18AD726AD05D6D4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                    • Instruction ID: 7638eea7584bd5d8ccd12bb3d6644a8aa7d894fec58d7f4b6be41e19fcc62185
                    • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                    • Instruction Fuzzy Hash: 3BC13073D1A5F3858766852D082822BFFE2AF81A8631F8395DCD03F1898637ED8596D0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                    • Instruction ID: 29faaf1a3320b42e940e581e36e448ff590c284e56fc2f03fb610621a0cfa19f
                    • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                    • Instruction Fuzzy Hash: 0CC17F73D5A5F2068B36862E441C23EEF72BE81A4931F8791DCE03F18AD326AD05C6D4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                    • Instruction ID: c08014e9c99ac391bbe008a8375c93fdb199a6a9499d9a988240699cb3f1a59f
                    • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                    • Instruction Fuzzy Hash: 32B15073D1A5B3868766C52D446822BFBE2AF81A8631FC395DCD03F189C237ED8596D0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                    • Instruction ID: 06b0c47ba07b94eaf2bb50ec8e9271b8333545019fa51377899ca0b623bef22c
                    • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                    • Instruction Fuzzy Hash: D1B18173D1A5F2098B35862E445C23BEF727E81A4431FC795DCE03F18AD72AAE1586D4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #860.MFC42(0041BB74,?,00000000), ref: 00404117
                    • #1779.MFC42(000003FB,00000000,?,?,0041BB74,?,00000000), ref: 00404133
                    • #1779.MFC42(000003FC,00000000,000003FB,00000000,?,?,0041BB74,?,00000000), ref: 00404141
                    • #1779.MFC42(000003FD,00000000,000003FC,00000000,000003FB,00000000,?,?,0041BB74,?,00000000), ref: 0040414F
                    • #289.MFC42(?,000003FD,00000000,000003FC,00000000,000003FB,00000000,?,?,0041BB74,?,00000000), ref: 00404159
                    • #537.MFC42 ref: 0040416F
                    • GetTextExtentPoint32A.GDI32(000003FD,?,?,?), ref: 00404187
                    • #800.MFC42 ref: 00404191
                    • #860.MFC42(?), ref: 004041EB
                    • #860.MFC42(0041BB74,?), ref: 004041FB
                    • #3092.MFC42(000003F9,0041BB74,?), ref: 00404207
                    • #4123.MFC42(000003F9,0041BB74,?), ref: 0040420E
                    • #3092.MFC42(000003F9,00000000,000003F9,0041BB74,?), ref: 00404220
                    • #2642.MFC42(000003F9,00000000,000003F9,0041BB74,?), ref: 00404227
                    • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00404242
                    • SendMessageA.USER32(?,00000143,00000000,Image), ref: 00404257
                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404268
                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040427A
                    • #1779.MFC42(000003FC,00000001), ref: 00404285
                    • #3092.MFC42(000003FB,000003FC,00000001), ref: 00404291
                    • #4123.MFC42(000003FB,000003FC,00000001), ref: 00404298
                    • #3092.MFC42(000003FB,00000000,000003FB,000003FC,00000001), ref: 004042AA
                    • #2642.MFC42(000003FB,00000000,000003FB,000003FC,00000001), ref: 004042B1
                    • #3092.MFC42(000003FD,000003FB,000003FC,00000001), ref: 004042BD
                    • #4123.MFC42(000003FD,000003FB,000003FC,00000001), ref: 004042C4
                    • #3092.MFC42(000003FD,00000000,000003FD,000003FB,000003FC,00000001), ref: 004042D6
                    • #2642.MFC42(000003FD,00000000,000003FD,000003FB,000003FC,00000001), ref: 004042DD
                    • #3092.MFC42(000003FC,000003FD,000003FB,000003FC,00000001), ref: 004042E9
                    • #4123.MFC42(000003FC,000003FD,000003FB,000003FC,00000001), ref: 004042F0
                    • #3092.MFC42(000003FC,00000000,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404302
                    • #2642.MFC42(000003FC,00000000,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404309
                    • #3092.MFC42(000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404315
                    • #4123.MFC42(000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 0040431C
                    • #3092.MFC42(000003FA,00000000,000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404332
                    • #2642.MFC42(000003FA,00000000,000003FA,000003FC,000003FD,000003FB,000003FC,00000001), ref: 00404339
                    • #860.MFC42(?), ref: 0040434D
                    • #3092.MFC42(000003F9,?), ref: 00404359
                    • #4123.MFC42(000003F9,?), ref: 00404360
                    • #3092.MFC42(000003F9,00000001,000003F9,?), ref: 00404372
                    • #2642.MFC42(000003F9,00000001,000003F9,?), ref: 00404379
                    • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00404394
                    • SendMessageA.USER32(?,00000143,00000000,Text), ref: 004043A9
                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004043BA
                    • SendMessageA.USER32(?,00000143,00000000,Numeric), ref: 004043CF
                    • SendMessageA.USER32(?,00000151,00000000,00000008), ref: 004043E0
                    • SendMessageA.USER32(?,00000143,00000000,Valute), ref: 004043F5
                    • SendMessageA.USER32(?,00000151,00000000,00000010), ref: 00404406
                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040444E
                    • #860.MFC42(Edit), ref: 00404478
                    • #3092.MFC42(000003FC), ref: 00404484
                    • #4123.MFC42(000003FC), ref: 0040448B
                    • #3092.MFC42(000003FC,00000001,000003FC), ref: 0040449D
                    • #2642.MFC42(000003FC,00000001,000003FC), ref: 004044A4
                    • #3092.MFC42(000003FB,000003FC), ref: 004044B0
                    • #4123.MFC42(000003FB,000003FC), ref: 004044B7
                    • #613.MFC42(000003FD,00000001,000003FA,000003FD,000003FB,000003FC), ref: 0040456A
                    • #6334.MFC42(00000000,0041BB74,?,00000000), ref: 00404575
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3092$MessageSend$#4123$#2642$#860$#1779$#289#537#613#6334#800ExtentPoint32Text
                    • String ID: AbCdEfGhIj MnOpQrStUvWxYz$Drop down list$Drop list$Edit$Image$Numeric$Text$Valute
                    • API String ID: 285005041-2212831474
                    • Opcode ID: 209c17f3211e33bdd481f2f4bf6ebf98d33f838fde5ec89fc0f580ac28108a4c
                    • Instruction ID: 8bcd648ce15e2e6fc8ff019460f7afca63a4f51c6a3685f08d3f9bedce9c8a70
                    • Opcode Fuzzy Hash: 209c17f3211e33bdd481f2f4bf6ebf98d33f838fde5ec89fc0f580ac28108a4c
                    • Instruction Fuzzy Hash: B1B1987078070167EA25BA368C53FEE72999BC4B04F00442EF7566F2C1DFADAA81874D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #800$#1168#3521$#2818#540$#823#825
                    • String ID: ColDef_align_%d$ColDef_descr_%d$ColDef_dwdata_%d$ColDef_id_%d$ColDef_image_%d$ColDef_text_%d$ColDef_textdt_%d$ColDef_width_%d$DefColId %d$DefNum$GfxLists\%s$NumDef
                    • API String ID: 1075447880-987619563
                    • Opcode ID: 8bf0254d82480e570e9668e890516399efdc7b2c0ff13f8e5aaec3ef9a680ef7
                    • Instruction ID: d2f1fc797c7c51ba6ff74505effadf62c7703c3c9980bc3ae2232a9a4278779d
                    • Opcode Fuzzy Hash: 8bf0254d82480e570e9668e890516399efdc7b2c0ff13f8e5aaec3ef9a680ef7
                    • Instruction Fuzzy Hash: 1AD1A4B16043419FC314DF66C885D5BB7E5AFD8708F00891EF89A53392DB38E986CB66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #323.MFC42 ref: 00404CF5
                    • #1640.MFC42(?), ref: 00404D12
                    • CopyRect.USER32(?,?), ref: 00404D24
                    • #5736.MFC42 ref: 00404D2E
                    • CreateRectRgnIndirect.GDI32(?), ref: 00404D50
                    • #1641.MFC42(00000000), ref: 00404D5B
                    • #5786.MFC42(00417208,00000000), ref: 00404D69
                    • #2414.MFC42(00417208,00000000), ref: 00404D72
                    • GetSysColor.USER32(0000000F), ref: 00404D79
                    • #2754.MFC42(?,00000000), ref: 00404D89
                    • GetTextExtentPoint32A.GDI32(?,0041B538,00000001,?), ref: 00404D9F
                    • SendMessageA.USER32(?,00001203,?,?), ref: 00404DDC
                    • #537.MFC42(0041BB78), ref: 00404E42
                    • #5710.MFC42(?,00000001,0041BB78), ref: 00404E65
                    • #800.MFC42(?,?,00000001,0041BB78), ref: 00404EA5
                    • atoi.MSVCRT ref: 00404EBB
                    • ImageList_GetImageInfo.COMCTL32(?,00000000,?), ref: 00404ED6
                    • CopyRect.USER32(?,?), ref: 00404EF1
                    • ImageList_Draw.COMCTL32(?,00000000,?,?,?,00000001), ref: 00404F5E
                    • CopyRect.USER32(?,?), ref: 00404F99
                    • GetSysColor.USER32(00000014), ref: 00404FA7
                    • #472.MFC42(00000000,00000001,00000000), ref: 00404FB2
                    • GetSysColor.USER32(00000010), ref: 00404FC1
                    • #472.MFC42(00000000,00000001,00000000), ref: 00404FCC
                    • #5788.MFC42(00008924,00000000,00000001,00000000), ref: 00404FE2
                    • #4297.MFC42(?,?,?,00008924,00000000,00000001,00000000), ref: 0040500D
                    • #4133.MFC42(?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 0040502C
                    • #4133.MFC42(?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00405050
                    • #4297.MFC42(?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 0040506E
                    • #5788.MFC42(?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 0040507C
                    • #4297.MFC42(?,?,?,00008924,00000000,00000001,00000000), ref: 00405104
                    • #4133.MFC42(?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00405120
                    • #4297.MFC42(?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00405140
                    • #5788.MFC42(?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 0040514E
                    • #4133.MFC42(?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001,00000000), ref: 00405168
                    • #4133.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000,00000001), ref: 00405179
                    • #5788.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 00405187
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 004051A1
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008924,00000000), ref: 004051BE
                    • GetStockObject.GDI32(00000000), ref: 004051E5
                    • #2860.MFC42(00000000), ref: 004051EC
                    • SelectObject.GDI32(?,?), ref: 00405206
                    • CopyRect.USER32(?,?), ref: 00405214
                    • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0040523C
                    • SelectObject.GDI32(?,00000000), ref: 0040524C
                    • #5678.MFC42(?,0041BB78), ref: 00405257
                    • #2450.MFC42(?,0041BB78), ref: 00405260
                    • #800.MFC42(?,0041BB78), ref: 00405271
                    • #2414.MFC42(?,0041BB78), ref: 0040528A
                    • #640.MFC42(?,0041BB78), ref: 004052A6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #4133Rect$#2414#4297#5788Copy$ColorImageObject$#472#800List_Select$#1640#1641#2450#2754#2860#323#537#5678#5710#5736#5786#640CreateDrawExtentIndirectInfoMessagePoint32SendStockTextatoi
                    • String ID: qA$qA
                    • API String ID: 412523226-315351840
                    • Opcode ID: 0742578ef2a5a81a5dea68cfda3d3b3e1eff9829047a57eb26d347b5ac105c69
                    • Instruction ID: bd67b4f5a67fee7ca282b912ec1ebf6e1bbef9a50a3b15958fcf9cf13273a53c
                    • Opcode Fuzzy Hash: 0742578ef2a5a81a5dea68cfda3d3b3e1eff9829047a57eb26d347b5ac105c69
                    • Instruction Fuzzy Hash: FE027B71208341AFD714DF68C988EABBBE5FBD8704F048A2DF59593280DB74E849CB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2379.MFC42 ref: 004054CC
                    • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405511
                    • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405541
                    • GetClientRect.USER32(?,?), ref: 00405560
                    • InvalidateRect.USER32(?,?,00000001), ref: 00405570
                    • #289.MFC42 ref: 0040557B
                    • #283.MFC42(000000FF), ref: 00405594
                    • #5788.MFC42(?,000000FF), ref: 004055AA
                    • #472.MFC42(00000000,00000001,000000FF,?,000000FF), ref: 004055BE
                    • #5788.MFC42(?,00000000,00000001,000000FF,?,000000FF), ref: 004055D4
                    • Polygon.GDI32(?,?,00000003), ref: 00405615
                    • #5788.MFC42(00000000), ref: 00405639
                    • #5788.MFC42(?,00000000), ref: 00405647
                    • #2414.MFC42(?,00000000), ref: 00405661
                    • #2414.MFC42(?,00000000), ref: 0040567F
                    • #613.MFC42(?,00000000), ref: 00405697
                    • GetParent.USER32(?), ref: 004056AD
                    • #2864.MFC42(00000000), ref: 004056B0
                    • #289.MFC42(00000000,00000000), ref: 004056BA
                    • ClientToScreen.USER32(?,?), ref: 004056E2
                    • GetParent.USER32(?), ref: 004056EC
                    • #2864.MFC42(00000000), ref: 004056EF
                    • ScreenToClient.USER32(?,?), ref: 004056FD
                    • IsRectEmpty.USER32 ref: 00405774
                    • #2571.MFC42(?,00000002,00000002,00000000,00000002,00000002,00000000,00000000), ref: 0040579F
                    • #613.MFC42(?,00000002,00000002,00000000,00000002,00000002,00000000,00000000), ref: 004057CE
                    • SetCapture.USER32(?), ref: 004057F5
                    • #2864.MFC42(00000000), ref: 004057FC
                    • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00405814
                    • #823.MFC42 ref: 00405820
                    • SendMessageA.USER32 ref: 00405848
                    • SendMessageA.USER32(?,00001204,00000000,?), ref: 00405884
                    • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 0040589A
                    • InvalidateRect.USER32(?,00000000,00000001,?), ref: 004058B3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageRectSend$#5788$#2864Client$#2414#289#613InvalidateParentScreen$#2379#2571#283#472#823CaptureEmptyPolygon
                    • String ID: @A
                    • API String ID: 1922829686-361999007
                    • Opcode ID: 075eee62d4232776b0646bf544f16e810c24ed54553b1456c2573e61e9ba5e35
                    • Instruction ID: 48347b0b39344eaa16d1196187ceb1c323f6ae3bf8301d7ec5b116a02b8d2748
                    • Opcode Fuzzy Hash: 075eee62d4232776b0646bf544f16e810c24ed54553b1456c2573e61e9ba5e35
                    • Instruction Fuzzy Hash: EDC15AB12047419FD324DF69C885BABBBE5FB88704F008A2DB59A83391DB74E445CF56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00406487
                    • GetParent.USER32(?), ref: 00406491
                    • #2864.MFC42(00000000), ref: 00406498
                    • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 004064AD
                    • #2860.MFC42(00000000), ref: 004064B0
                    • #289.MFC42(?,00000000), ref: 004064C0
                    • #5788.MFC42 ref: 004064D2
                    • #537.MFC42(0041B53C), ref: 004064E2
                    • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 004064FA
                    • #800.MFC42 ref: 00406504
                    • #5788.MFC42(00000000), ref: 00406515
                    • SetRect.USER32(?,?,?,?,00000064), ref: 00406554
                    • #613.MFC42 ref: 00406566
                    • PtInRect.USER32(?,?,?), ref: 0040659D
                    • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 004065C9
                    • #6605.MFC42(?), ref: 004065DB
                    • GetParent.USER32(?), ref: 004065EA
                    • #2864.MFC42(00000000), ref: 004065ED
                    • #6880.MFC42(?,00000000), ref: 004065F9
                    • GetParent.USER32(?), ref: 00406602
                    • #2864.MFC42(00000000), ref: 00406605
                    • #3089.MFC42(00000000), ref: 0040660E
                    • #2099.MFC42(50A00002,?,00000000,-00000002,00000000), ref: 00406624
                    • SendMessageA.USER32(?,00000180,00000000,?), ref: 0040664E
                    • SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 00406669
                    • #6197.MFC42(6CF6A098,00000000,00000000,?,?,00000002), ref: 00406696
                    • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 004066B2
                    • #540.MFC42 ref: 004066B8
                    • #3874.MFC42(?), ref: 004066E1
                    • SendMessageA.USER32(?,000001A2,000000FF,?), ref: 004066F9
                    • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 0040670A
                    • #5981.MFC42 ref: 0040670E
                    • #800.MFC42 ref: 0040671F
                    • #2379.MFC42 ref: 00406745
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Message$Send$#2864ParentRect$#5788#800$#2099#2379#2860#289#3089#3874#537#540#5981#613#6197#6605#6880ClientExtentPoint32PostText
                    • String ID:
                    • API String ID: 1027999965-0
                    • Opcode ID: 227341f3fe507b1d936cea93e0402f9f83c68597c99b81e12b32785dff4892b9
                    • Instruction ID: fc39d64be709b542d899d557c8180cc84ee6395d3e45e775e2fa7aa664270420
                    • Opcode Fuzzy Hash: 227341f3fe507b1d936cea93e0402f9f83c68597c99b81e12b32785dff4892b9
                    • Instruction Fuzzy Hash: CB918D71204300AFD614DB65CD85FABB7E9FB88B04F014A2EF596972D0DB38E945CB29
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2414$#1641CreateFontIndirect$#3908#537#800CapsDeviceExtentPoint32RectText$#2243#860MessageObjectSend
                    • String ID: Arial$here's the data name
                    • API String ID: 677436990-2762142114
                    • Opcode ID: bbc4f4620c878fcb991b8ec0cef68a66c896003ecc304b9694f604da89b370aa
                    • Instruction ID: 52e8d9d46b3dc5ca7549a324622838c0f702450721b0f493d2f6f555239867e6
                    • Opcode Fuzzy Hash: bbc4f4620c878fcb991b8ec0cef68a66c896003ecc304b9694f604da89b370aa
                    • Instruction Fuzzy Hash: 94917770204345AFD724DF25C884EEAB7E9FF88704F14851EFA498B291DB34EA45CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #540#800$#1168Global$#1669#2652#2864#3157#3286#4294#5981#858#941AllocFocusFreeInvalidateMessageRectSend
                    • String ID: DESC
                    • API String ID: 3098961414-461850341
                    • Opcode ID: 6873688ab2607119ae947cebb752189ac73516e072f79f4f308f084726a56996
                    • Instruction ID: 6ca1e77f9906ecc2c78ecec1c88baa6d8b12e7f468de0960b0b5316e080b7a83
                    • Opcode Fuzzy Hash: 6873688ab2607119ae947cebb752189ac73516e072f79f4f308f084726a56996
                    • Instruction Fuzzy Hash: EF81C2302047809BD324EB35C845BEBFBE4AF95748F04481EF4D6532D2CBB8A985C75A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 004039EB
                    • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00403A07
                    • #3092.MFC42(000003F3,?,00000000,00403665,00000001), ref: 00403A18
                    • #4123.MFC42(000003F3,?,00000000,00403665,00000001), ref: 00403A1F
                    • #3092.MFC42(000003F3,00000001,000003F3,?,00000000,00403665,00000001), ref: 00403A31
                    • #2642.MFC42(000003F3,00000001,000003F3,?,00000000,00403665,00000001), ref: 00403A38
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403A53
                    • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00403A67
                    • #3092.MFC42(000003F5,00000000,00403665,00000001), ref: 00403A76
                    • #4123.MFC42(000003F5,00000000,00403665,00000001), ref: 00403A7D
                    • #3092.MFC42(000003F5,00000000,000003F5,00000000,00403665,00000001), ref: 00403A8E
                    • #2642.MFC42(000003F5,00000000,000003F5,00000000,00403665,00000001), ref: 00403A95
                    • #3092.MFC42(000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403AA3
                    • #4123.MFC42(000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403AAA
                    • #3092.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403ABC
                    • #2642.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403AC3
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403ADD
                    • #3092.MFC42(000003F4,?,00000000,00403665,00000001), ref: 00403AEA
                    • #4123.MFC42(000003F4,?,00000000,00403665,00000001), ref: 00403AF1
                    • #3092.MFC42(000003F4,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B0C
                    • #4123.MFC42(000003F4,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B13
                    • #3092.MFC42(000003F3,?,00000000,00403665,00000001), ref: 00403B29
                    • #4123.MFC42(000003F3,?,00000000,00403665,00000001), ref: 00403B30
                    • #3092.MFC42(000003F3,00000000,000003F3,?,00000000,00403665,00000001), ref: 00403B42
                    • #2642.MFC42(000003F3,00000000,000003F3,?,00000000,00403665,00000001), ref: 00403B49
                    • #3092.MFC42(000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B5A
                    • #4123.MFC42(000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B61
                    • #3092.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B73
                    • #2642.MFC42(000003F5,00000000,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B7A
                    • #3092.MFC42(000003F4,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B86
                    • #4123.MFC42(000003F4,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B8D
                    • #3092.MFC42(000003F4,00000000,000003F4,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403B9F
                    • #2642.MFC42(000003F4,00000000,000003F4,000003F5,000003F3,?,00000000,00403665,00000001), ref: 00403BA6
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3092$#4123$#2642$MessageSend
                    • String ID:
                    • API String ID: 3525747040-0
                    • Opcode ID: b58bde029d2eca9de864597771c402a61a541795be3e33cd24683408fa1f6a24
                    • Instruction ID: 649713efca1b1329029fab2a4508ae3887a68e4db5629b13aed09819abff021a
                    • Opcode Fuzzy Hash: b58bde029d2eca9de864597771c402a61a541795be3e33cd24683408fa1f6a24
                    • Instruction Fuzzy Hash: 5941E030B8470162ED257A770C66FBE245D5B95B0AF01053FB742AF2C2EEADDB82464D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #4837.MFC42(?,?,?), ref: 0040D11B
                    • GetFocus.USER32 ref: 0040D16B
                    • #2864.MFC42(00000000), ref: 0040D172
                    • #5981.MFC42(00000000), ref: 0040D17D
                    • GetMessagePos.USER32 ref: 0040D1A9
                    • #3092.MFC42(00000000), ref: 0040D1CC
                    • ScreenToClient.USER32(?,?), ref: 0040D1DC
                    • SendMessageA.USER32(?,00001207,00000000,?), ref: 0040D203
                    • PtInRect.USER32(?,?,?), ref: 0040D218
                    • SendMessageA.USER32(?,00001207,00000001,?), ref: 0040D232
                    • CreatePopupMenu.USER32 ref: 0040D254
                    • #1644.MFC42(00000000), ref: 0040D25F
                    • AppendMenuA.USER32(?,00000000,00008023,Sort ascending), ref: 0040D27B
                    • AppendMenuA.USER32(?,00000000,00008024,Sort descending), ref: 0040D28E
                    • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 0040D29E
                    • AppendMenuA.USER32(?,00000000,00008022,Customize header), ref: 0040D2B1
                    • AppendMenuA.USER32(?,00000000,00008025,Header format), ref: 0040D2C4
                    • #1133.MFC42(00417C78,?,?,00000081), ref: 0040D2E8
                    • #6270.MFC42(00000002,?,?,?,00000000,?,00000000), ref: 0040D312
                    • #2438.MFC42(00000002,?,?,?,00000000,?,00000000), ref: 0040D31B
                    • GetClientRect.USER32(?,?), ref: 0040D355
                    • GetMessagePos.USER32 ref: 0040D35B
                    • ScreenToClient.USER32(?,?), ref: 0040D37B
                    • InvalidateRect.USER32(?,?,00000001), ref: 0040D394
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Menu$Append$Message$ClientRect$ScreenSend$#1133#1644#2438#2864#3092#4837#5981#6270CreateFocusInvalidatePopup
                    • String ID: Customize header$Header format$Sort ascending$Sort descending
                    • API String ID: 1586058299-3541644344
                    • Opcode ID: 81a52d2dfc9d051957f6702935c848fa6ef8e0bd3f88ded3f341f483f58e16e6
                    • Instruction ID: 52979741608b07730105aae535aa4975a9a5235dc82952623b92f64dc7856fd7
                    • Opcode Fuzzy Hash: 81a52d2dfc9d051957f6702935c848fa6ef8e0bd3f88ded3f341f483f58e16e6
                    • Instruction Fuzzy Hash: 2A816070604301ABD324DB64CC85FABB7A9FF84704F508A2EF595972D0DB78E845CB5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #303.MFC42(SysListView32,50800000), ref: 0040997C
                      • Part of subcall function 00404B50: #567.MFC42 ref: 00404B53
                    • #540.MFC42 ref: 00409A05
                    • #384.MFC42 ref: 00409A35
                      • Part of subcall function 00408D70: #567.MFC42 ref: 00408D91
                      • Part of subcall function 00408D70: #1168.MFC42 ref: 00408DA2
                      • Part of subcall function 00408D70: GetClassInfoA.USER32(?,ZGfxListTip,?), ref: 00408DB5
                      • Part of subcall function 00408D70: LoadCursorA.USER32 ref: 00408DE7
                      • Part of subcall function 00408D70: #1232.MFC42(?,?,?,?,?,?,?,00007F00), ref: 00408E0A
                      • Part of subcall function 00408D70: #1270.MFC42(?,?,?,?,?,?,?,00007F00), ref: 00408E13
                    • GetSysColor.USER32(00000008), ref: 00409A91
                    • GetSysColor.USER32(00000005), ref: 00409A9B
                    • GetSysColor.USER32(00000005), ref: 00409AA5
                    • GetSysColor.USER32(0000000D), ref: 00409AAF
                    • GetSysColor.USER32(00000003), ref: 00409AB9
                    • GetSysColor.USER32(0000000F), ref: 00409AC3
                    • #823.MFC42(00000008), ref: 00409AD3
                    • #472.MFC42(00000000,00000001,00C0C0C0), ref: 00409AF2
                    • #823.MFC42(00000008), ref: 00409B08
                    • #472.MFC42(00000000,00000001,00808080), ref: 00409B27
                    • GetStockObject.GDI32(00000011), ref: 00409B43
                    • #2860.MFC42(00000000), ref: 00409B4A
                    • GetObjectA.GDI32(?,0000003C,?), ref: 00409B5A
                    • CreateFontIndirectA.GDI32(?), ref: 00409B6B
                    • #1641.MFC42(00000000), ref: 00409B70
                    • CreateFontIndirectA.GDI32(?), ref: 00409B82
                    • #1641.MFC42(00000000), ref: 00409B8B
                    • CreateFontIndirectA.GDI32(?), ref: 00409B9E
                    • #1641.MFC42(00000000), ref: 00409BA7
                    • CreateFontIndirectA.GDI32(?), ref: 00409BBA
                    • #1641.MFC42(00000000), ref: 00409BC3
                    • #860.MFC42 ref: 00409C63
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Color$#1641CreateFontIndirect$#472#567#823Object$#1168#1232#1270#2860#303#384#540#860ClassCursorInfoLoadStock
                    • String ID: Gfx list Control$SysListView32
                    • API String ID: 3032532091-2490968710
                    • Opcode ID: 9a0de914a93ac17eea25d445fbb11e8316ac9532d37ceb15a701ab29ef721aa9
                    • Instruction ID: e66ac34e82437468a234f3f9b0ac7f78dc20521cde0a593c18e90a8e1229fdf8
                    • Opcode Fuzzy Hash: 9a0de914a93ac17eea25d445fbb11e8316ac9532d37ceb15a701ab29ef721aa9
                    • Instruction Fuzzy Hash: 1591E9B0904B849ED320DF76C8857DBFBE0BB99304F40492EE4AE97281DBB86584CF55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040D6AD
                    • #3293.MFC42(00000000,?,00000000), ref: 0040D6C8
                    • #470.MFC42 ref: 0040D6ED
                    • #2971.MFC42(?), ref: 0040D706
                    • IsRectEmpty.USER32(?), ref: 0040D710
                    • InvalidateRect.USER32(?,?,00000000), ref: 0040D742
                    • #755.MFC42 ref: 0040D757
                    • #3021.MFC42 ref: 0040D75C
                    • GetClientRect.USER32(?,?), ref: 0040D78F
                    • #3092.MFC42(00000000), ref: 0040D795
                    • GetClientRect.USER32(?,?), ref: 0040D7A3
                    • #289.MFC42 ref: 0040D7CB
                    • GetSysColor.USER32(00000011), ref: 0040D7DD
                    • #6172.MFC42(00000000), ref: 0040D7E8
                    • #5875.MFC42(00000001,00000000), ref: 0040D7F5
                    • #5788.MFC42(?,00000001,00000000), ref: 0040D807
                    • #2754.MFC42(?,?,?,00000001,00000000), ref: 0040D81E
                    • #537.MFC42(Nessun elemento presente nella lista,?,?,?,00000001,00000000), ref: 0040D82C
                    • #800.MFC42 ref: 0040D85E
                    • #5788.MFC42(00000000), ref: 0040D868
                    • #5875.MFC42(00000000,00000000), ref: 0040D872
                    • #6172.MFC42(00000000,00000000,00000000), ref: 0040D87C
                    • EnableScrollBar.USER32(?,00000000,00000003), ref: 0040D895
                    • #613.MFC42(00000000,00000000), ref: 0040D8AA
                    • #3293.MFC42(00000000,?,00000000), ref: 0040D8C7
                    • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040D8EE
                    Strings
                    • Nessun elemento presente nella lista, xrefs: 0040D823
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Rect$#3293#5788#5875#6172ClientEnableScroll$#2754#289#2971#3021#3092#470#537#613#755#800ColorEmptyInvalidateMessageSend
                    • String ID: Nessun elemento presente nella lista
                    • API String ID: 3469473975-42175248
                    • Opcode ID: e658c13cd5f262aff73237409943e21b1464b871ffb8b784ce3f888b05c71d90
                    • Instruction ID: ba288af5e9dbc7070f85d188e3ba25de2fffba4afc737a9fb6850a5c65b94f15
                    • Opcode Fuzzy Hash: e658c13cd5f262aff73237409943e21b1464b871ffb8b784ce3f888b05c71d90
                    • Instruction Fuzzy Hash: 34717B71204301AFD314EB64C895FABB7E4FBC8708F008A1DF5AA972D1EB74A945CB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #1168.MFC42 ref: 0040C895
                    • #1669.MFC42 ref: 0040C89D
                    • #540.MFC42 ref: 0040C916
                    • #540.MFC42 ref: 0040C924
                    • #540.MFC42 ref: 0040C932
                    • #540.MFC42 ref: 0040C940
                    • #540.MFC42 ref: 0040C94E
                    • #540.MFC42 ref: 0040C95C
                    • #540.MFC42 ref: 0040C96A
                    • #3157.MFC42(?,?,00000001), ref: 0040C986
                    • #858.MFC42(?,?,?,00000001), ref: 0040C999
                    • #941.MFC42( DESC,?,?,?,00000001), ref: 0040C9B0
                    • #4294.MFC42 ref: 0040C9C6
                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0040C9D3
                    • #800.MFC42 ref: 0040C9F2
                    • #800.MFC42 ref: 0040CA00
                    • #800.MFC42 ref: 0040CA0E
                    • #800.MFC42 ref: 0040CA1C
                    • #800.MFC42 ref: 0040CA2A
                    • #800.MFC42 ref: 0040CA38
                    • #800.MFC42 ref: 0040CA46
                      • Part of subcall function 00401D90: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401DA9
                      • Part of subcall function 00401D90: SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00401DB8
                      • Part of subcall function 00401D90: #3998.MFC42(00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00401DD2
                      • Part of subcall function 00401D90: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00401DED
                      • Part of subcall function 00401D90: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401E34
                    • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040CB58
                    • SendMessageA.USER32(?,00001013,00000000,00000000), ref: 0040CB6A
                    • #1168.MFC42 ref: 0040CB74
                    • #2652.MFC42 ref: 0040CB7C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #540#800$MessageSend$#1168$#1669#2652#3157#3998#4294#6007#858#941InvalidateRect
                    • String ID: DESC
                    • API String ID: 3819644337-461850341
                    • Opcode ID: 7b22dd965feaabda623096fb22d881b2c269cc10b42e6165f91def9dc3a37546
                    • Instruction ID: eef17dfb63d4aad2f5e325e437482a1e1279272a5ad010493d0a48eef1840d62
                    • Opcode Fuzzy Hash: 7b22dd965feaabda623096fb22d881b2c269cc10b42e6165f91def9dc3a37546
                    • Instruction Fuzzy Hash: 9691BE302043819BD714EB25C891BAFB7E5BF85708F044A2DF496533C2DB78A949CB6A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$MessageSend$#5788ClientRect$#2379#2860#3874#4299#540#562#5981#6605#6880#800#816ExtentPoint32StateText
                    • String ID:
                    • API String ID: 854166642-0
                    • Opcode ID: 5b8eea6eb27153f38b593f0a77a5686da2516d50e9b55874adc30771b4ad6ca1
                    • Instruction ID: 611c82435cd4998629010c9a484ff1bb3d2de58c228364183761d9caa51a24d0
                    • Opcode Fuzzy Hash: 5b8eea6eb27153f38b593f0a77a5686da2516d50e9b55874adc30771b4ad6ca1
                    • Instruction Fuzzy Hash: BC61A1B5204340AFC714EB65C889EABB7E9FBD8714F004A2EF58683381DB78E941CB55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 0040218E
                    • GlobalAlloc.KERNEL32(00000040,00000004), ref: 0040219A
                    • #823.MFC42(?), ref: 004021BF
                    • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 004021FC
                    • GlobalAlloc.KERNEL32(00000040,00000004), ref: 0040220F
                    • SendMessageA.USER32(?,0000100D,000000FF,00000001), ref: 0040227E
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?), ref: 00402298
                    • SendMessageA.USER32(?,0000100D,000000FF,00000001), ref: 004022FA
                    • #540.MFC42(?,?,?,?,?,?,?,?,?,?,?), ref: 0040230E
                    • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 00402344
                    • #6907.MFC42(00000000,00000000,?), ref: 00402359
                    • #3293.MFC42(00000000,?,00000000,00000000,00000000,?), ref: 00402368
                    • InvalidateRect.USER32(?,?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00402378
                    • #3998.MFC42(00000001,00000001,000000FF,00000000,00000000,00000000,00000000), ref: 00402398
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000001,000000FF,00000000,00000000,00000000,00000000), ref: 004023B5
                    • #540.MFC42(?,?,?,?,?,?,?,?,?,?,?), ref: 004023CF
                    • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 00402405
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040241A
                    • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00402432
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 0040244E
                    • #3293.MFC42(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,?,00000000,00000000), ref: 0040245D
                    • InvalidateRect.USER32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000), ref: 0040246D
                    • #800.MFC42 ref: 0040247F
                    • #825.MFC42(?,?,?,?,?,?,?,?), ref: 004024B3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocGlobal$#6007MessageSend$#2818#3293#3998#540InvalidateRect$#6907#800#823#825
                    • String ID: Categoria: %s (%d element%c)
                    • API String ID: 700626880-3571718097
                    • Opcode ID: 548b75f2aba680bc62c75ebd5fa620334311e636a18f89c47d26e2eb43b3e269
                    • Instruction ID: 835d706774f5cfe4689771e9ead0bf814dff29112648d5c1837e265d40a216c3
                    • Opcode Fuzzy Hash: 548b75f2aba680bc62c75ebd5fa620334311e636a18f89c47d26e2eb43b3e269
                    • Instruction Fuzzy Hash: E5B19AB0644701AFE224CF14CC85F6AB7E5FB88704F108A2DF6929B2D1D7B4E906CB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #540#800$#1168$#1669#2652#2864#3157#4294#5981#858FocusInvalidateRect
                    • String ID:
                    • API String ID: 1251853744-0
                    • Opcode ID: ce6ae9f5b81c34de702af996f0ab04aff8c9e7f2ad16198ff1a1953caffd2e75
                    • Instruction ID: cfff726126194df993d90e8e1439862de65beea494c91f5de49b71849a5cd79d
                    • Opcode Fuzzy Hash: ce6ae9f5b81c34de702af996f0ab04aff8c9e7f2ad16198ff1a1953caffd2e75
                    • Instruction Fuzzy Hash: 6C81B3302047809BD324EB75C895BEFFBE4AF95708F04482EF496532D2CB78A989C756
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00001013,?,00000001), ref: 0040DE57
                      • Part of subcall function 0040EED0: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040EEEF
                      • Part of subcall function 0040EED0: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040EF1F
                      • Part of subcall function 0040EED0: #3293.MFC42(00000000,?,00000000,75A73EB0,?,?,?,?,?,?,?,?,?,0040DAAD,?), ref: 0040EF37
                      • Part of subcall function 0040EED0: SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040EF54
                      • Part of subcall function 0040EED0: GetClientRect.USER32(?,?), ref: 0040EF63
                      • Part of subcall function 0040EED0: SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040EF84
                      • Part of subcall function 0040F560: #3092.MFC42(00000000,0040AF2D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040F562
                      • Part of subcall function 0040F560: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040F578
                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DE85
                    • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DEAE
                    • #3293.MFC42(?,?,00000000,?,75A73EB0,?), ref: 0040DED0
                    • GetClientRect.USER32(?,?), ref: 0040DEFA
                    • SendMessageA.USER32 ref: 0040DF1A
                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DF5A
                    • #3286.MFC42(?), ref: 0040DF77
                    • #540.MFC42(?), ref: 0040DF84
                    • #823.MFC42(00000054), ref: 0040DFA9
                    • #535.MFC42(?,?,?), ref: 0040DFD5
                    • #2111.MFC42(?,?,?,00000069), ref: 0040E002
                    • #540.MFC42(?,?,?,00000069), ref: 0040E00B
                    • #3089.MFC42(?,?,?,00000069), ref: 0040E058
                    • SendMessageA.USER32(?,00000030,00000100,00000000), ref: 0040E135
                    • SendMessageA.USER32(?,00000434,00000000,?), ref: 0040E16F
                    • #6134.MFC42(00000000,000000FF,?,00000069), ref: 0040E177
                    • #5937.MFC42(0000003C,00000000,000000FF,?,00000069), ref: 0040E186
                    • #6136.MFC42(0000003C,0000003C,00000000,000000FF,?,00000069), ref: 0040E195
                    • SendMessageA.USER32(?,00000437,00000000,?), ref: 0040E1AA
                    • #800.MFC42(?,?,?,00000069), ref: 0040E1C0
                    • #800.MFC42(?,?,?,00000069), ref: 0040E1D4
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$Rect$#3293#540#800Client$#2111#3089#3092#3286#535#5937#6134#6136#823
                    • String ID: <
                    • API String ID: 3875506128-4251816714
                    • Opcode ID: 2cd49e9711a5e6fc410696429cf985957fb1e68ada4971377f91e43b651ed482
                    • Instruction ID: 0247a460846e662f2e8605aa5aec0bb1a7eca12e88ef44c72c4ae8ffa6bd307b
                    • Opcode Fuzzy Hash: 2cd49e9711a5e6fc410696429cf985957fb1e68ada4971377f91e43b651ed482
                    • Instruction Fuzzy Hash: 94B16170608345AFD324DF65C841FABB7E9ABC8704F004E2EF589A72C1D778E9058B5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A7E4
                    • __mtterm.LIBCMT ref: 1001A7F0
                      • Part of subcall function 1001A4BB: DecodePointer.KERNEL32(00000007,100148A1,10014887,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A4CC
                      • Part of subcall function 1001A4BB: TlsFree.KERNEL32(00000018,100148A1,10014887,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A4E6
                      • Part of subcall function 1001A4BB: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,100148A1,10014887,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001D0C3
                      • Part of subcall function 1001A4BB: _free.LIBCMT ref: 1001D0C6
                      • Part of subcall function 1001A4BB: DeleteCriticalSection.KERNEL32(00000018,?,?,100148A1,10014887,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001D0ED
                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 1001A806
                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 1001A813
                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 1001A820
                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 1001A82D
                    • TlsAlloc.KERNEL32(?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A87D
                    • TlsSetValue.KERNEL32(00000000,?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A898
                    • __init_pointers.LIBCMT ref: 1001A8A2
                    • EncodePointer.KERNEL32(?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A8B3
                    • EncodePointer.KERNEL32(?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A8C0
                    • EncodePointer.KERNEL32(?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A8CD
                    • EncodePointer.KERNEL32(?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A8DA
                    • DecodePointer.KERNEL32(Function_0001A63F,?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A8FB
                    • __calloc_crt.LIBCMT ref: 1001A910
                    • DecodePointer.KERNEL32(00000000,?,?,100147DE,1002D090,00000008,10014972,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1001A92A
                    • GetCurrentThreadId.KERNEL32 ref: 1001A93C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                    • API String ID: 3698121176-3819984048
                    • Opcode ID: 12e99c80e21cb94e70e4b6d6703bfb5c16548aa607dfcf1d1070f879afc85ebf
                    • Instruction ID: 56790b693c7f9df0b138fac6648d521db03801505e420a73ee5e648ee6474e44
                    • Opcode Fuzzy Hash: 12e99c80e21cb94e70e4b6d6703bfb5c16548aa607dfcf1d1070f879afc85ebf
                    • Instruction Fuzzy Hash: 86317C348042759FEB13EF758D856953BF5EB4A2A0B25052AE8158B2B1EB34C4C6CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #537.MFC42(0041BB74), ref: 0041385B
                    • #6883.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415BF8,000000FF), ref: 00413870
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415BF8,000000FF), ref: 00413880
                    • #6883.MFC42(?,?,?), ref: 00413890
                    • #537.MFC42(Provincia,?,?,?), ref: 0041389E
                    • #6883.MFC42(?,00000000,Provincia,?,?,?), ref: 004138B3
                    • #800.MFC42(?,00000000,Provincia,?,?,?), ref: 004138C0
                    • #537.MFC42(Anas,?,00000000,Provincia,?,?,?), ref: 004138CE
                    • #6883.MFC42(?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 004138E3
                    • #800.MFC42(?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 004138F0
                    • #537.MFC42(Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 004138FE
                    • #6883.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413913
                    • #800.MFC42(?,00000000,Comune,?,00000000,Anas,?,00000000,Provincia,?,?,?), ref: 00413920
                    • #540.MFC42 ref: 00413958
                    • #2818.MFC42(?,TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set), ref: 0041396B
                    • #800.MFC42 ref: 004139A2
                    Strings
                    • Provincia, xrefs: 00413895
                    • Comune, xrefs: 004138F5
                    • TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set, xrefs: 00413961
                    • Anas, xrefs: 004138C5
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #6883#800$#537$#2818#540
                    • String ID: Anas$Comune$Provincia$TpLxEx->pDC->his is a test about item autopreview. We are writing some trash here. The autopreview is obtained handling the NTEX_AUTOPREVIEW subcode in the exinfo callback/message and the height of autopreview pane have to be fixed for all items and can be set
                    • API String ID: 3485451498-1603090807
                    • Opcode ID: eb4865d991d4396973f97efad91e91f09952ee0f645a2d0b4aaa2e30d1d0272a
                    • Instruction ID: 359e0e97eb4e600374d311f4f5401f2b4e434782735719c29b9c9be522229711
                    • Opcode Fuzzy Hash: eb4865d991d4396973f97efad91e91f09952ee0f645a2d0b4aaa2e30d1d0272a
                    • Instruction Fuzzy Hash: D9519F755447009FC320EF15C581BAABBF4FB88724F504A1EF48683A91C739F98ACB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040E302
                      • Part of subcall function 0040F650: SendMessageA.USER32 ref: 0040F66E
                      • Part of subcall function 0040DE20: SendMessageA.USER32(?,00001013,?,00000001), ref: 0040DE57
                      • Part of subcall function 0040DE20: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DE85
                      • Part of subcall function 0040DE20: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DEAE
                      • Part of subcall function 0040DE20: #3293.MFC42(?,?,00000000,?,75A73EB0,?), ref: 0040DED0
                      • Part of subcall function 0040DE20: GetClientRect.USER32(?,?), ref: 0040DEFA
                      • Part of subcall function 0040DE20: SendMessageA.USER32 ref: 0040DF1A
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040E37C
                    • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040E3EA
                    • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040E3FE
                    • #6905.MFC42(?,00000003,00000003), ref: 0040E412
                    • #3286.MFC42(?,?,00000003,00000003), ref: 0040E424
                    • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040E5A9
                    • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040E5BD
                    • #6905.MFC42(?,00000003,00000003), ref: 0040E5D1
                      • Part of subcall function 0040F560: #3092.MFC42(00000000,0040AF2D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040F562
                      • Part of subcall function 0040F560: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040F578
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#6905$#3092#3286#3293ClientRect
                    • String ID:
                    • API String ID: 3523344188-0
                    • Opcode ID: d3b0ebad56376d06b474fa85de30e38e3fc9f6e43162149ad3e679f205f1e924
                    • Instruction ID: a9abfce898e87779848f1118bb002cdb9af9261e074e95e8409a295e830e9fdc
                    • Opcode Fuzzy Hash: d3b0ebad56376d06b474fa85de30e38e3fc9f6e43162149ad3e679f205f1e924
                    • Instruction Fuzzy Hash: 74E1A43030060167D624A62ACC41FAFB2D9EBD8B14F104D3EF55AEB7C1EA79E956835C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetMenuItemCount.USER32(?), ref: 00412593
                    • GetMenuItemID.USER32(?,-00000001), ref: 004125AB
                    • GetSubMenu.USER32(?,-00000001), ref: 004125C5
                    • #2863.MFC42(00000000,?,?,?,75AE3E40), ref: 004125CC
                    • #540.MFC42(00000000,?,?,?,75AE3E40), ref: 004125F0
                    • GetMenuStringA.USER32 ref: 00412611
                    • #2919.MFC42(00000002), ref: 00412620
                    • GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412631
                    • #5572.MFC42(000000FF), ref: 00412639
                    • ModifyMenuA.USER32(?,-00000001,00000500,000000FF,00000000), ref: 004126AA
                    • #800.MFC42 ref: 004126BC
                      • Part of subcall function 00412560: #2614.MFC42 ref: 00412644
                      • Part of subcall function 00412560: #2614.MFC42 ref: 00412750
                      • Part of subcall function 00412560: GetMenuState.USER32(?,-00000001,00000400), ref: 0041278C
                      • Part of subcall function 00412560: ModifyMenuA.USER32(?,-00000001,00000000,00000000,00000000), ref: 004127BA
                    • GetMenuState.USER32(?,-00000001,00000400), ref: 004126D8
                    • #540.MFC42(?,?,?,75AE3E40), ref: 004126F6
                    • GetMenuStringA.USER32 ref: 00412711
                    • #2919.MFC42(00000002), ref: 00412724
                    • GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412735
                    • #5572.MFC42(000000FF), ref: 00412741
                    • ModifyMenuA.USER32(?,-00000001,00000000,00000000,00000000), ref: 0041276F
                    • #800.MFC42 ref: 00412781
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Menu$String$Modify$#2614#2919#540#5572#800ItemState$#2863Count
                    • String ID:
                    • API String ID: 985470246-0
                    • Opcode ID: af7546ae0f820b2a297cdd97f4d63310d297062ca4b53fd5a481184eabac876d
                    • Instruction ID: d0328d966c5dcb13791f5abaa8516d34a9b6a5c868d42b30f81f8044e5c6eb88
                    • Opcode Fuzzy Hash: af7546ae0f820b2a297cdd97f4d63310d297062ca4b53fd5a481184eabac876d
                    • Instruction Fuzzy Hash: D471AEB0204305AFC310EF25CE45FEBBBA8EB45724F108619F665972D1DB78E854CBA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetClientRect.USER32(?,?), ref: 00406137
                    • GetSysColor.USER32(0000000F), ref: 00406168
                    • #2754.MFC42(?,00000000), ref: 00406176
                    • #2860.MFC42(?,?,00000000), ref: 0040617F
                    • #323.MFC42(?,?,00000000), ref: 0040618E
                    • CreateCompatibleDC.GDI32(00000000), ref: 004061A1
                    • #1640.MFC42(00000000), ref: 004061AC
                    • GetObjectA.GDI32(?,00000018,?), ref: 004061C4
                    • #5785.MFC42(?,?), ref: 0040620D
                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040623E
                    • #5785.MFC42(?,?), ref: 00406255
                    • GetSysColor.USER32(00000014), ref: 0040626A
                    • GetSysColor.USER32(00000010), ref: 0040626F
                    • #2567.MFC42(?,00000000), ref: 00406279
                    • InflateRect.USER32(00000000,000000FF,000000FF), ref: 0040628E
                    • GetSysColor.USER32(0000000F), ref: 00406296
                    • GetSysColor.USER32(0000000F), ref: 004062A8
                    • #2567.MFC42(?,00000000), ref: 004062B2
                    • InflateRect.USER32(00000000,000000FF,000000FF), ref: 004062C0
                    • GetSysColor.USER32(00000010), ref: 004062C8
                    • GetSysColor.USER32(00000014), ref: 004062CD
                    • #2567.MFC42(?,00000000), ref: 004062D7
                    • #640.MFC42 ref: 004062E8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Color$#2567Rect$#5785Inflate$#1640#2754#2860#323#640ClientCompatibleCreateObject
                    • String ID:
                    • API String ID: 881363819-0
                    • Opcode ID: cf79bf2e63c1df3b094314031bbe3a22603d7c81b090973cba6e0590bf09ff35
                    • Instruction ID: 42928feaf392abf7adb86202971ce42a361d3b4ddc9c6ae3a78695e8889b57ed
                    • Opcode Fuzzy Hash: cf79bf2e63c1df3b094314031bbe3a22603d7c81b090973cba6e0590bf09ff35
                    • Instruction Fuzzy Hash: BA516BB1208345AFD704EF69CC45EABBBE9ABC8710F014A2DF595D32D1DA34E844CB66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409D03
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409D19
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409D31
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409D49
                    • #686.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409D89
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409DA5
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409DC7
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409DDD
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409DF9
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409E1B
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409E3D
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409E5F
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409E7D
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409E9B
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409EBD
                    • #2414.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409EDF
                      • Part of subcall function 00404BD0: #2414.MFC42(?,?,?,?,?,?,?,00404BB8), ref: 00404C15
                      • Part of subcall function 00404BD0: #682.MFC42(?,?,?,?,?,?,?,00404BB8), ref: 00404C2A
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409F02
                    • #813.MFC42(?,?,?,?,?,?,?,?,?,00409C88), ref: 00409F11
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2414$#800$#682#686#813
                    • String ID: @A
                    • API String ID: 1983375026-361999007
                    • Opcode ID: f2125078b982476ffb949a6f92cdda148867c53e3d3e8f95f40c2d7f6767c04c
                    • Instruction ID: 81323de4f43e50a07ace19402ef9f1c99b84d4368aa278dedf21a2cef4596ddb
                    • Opcode Fuzzy Hash: f2125078b982476ffb949a6f92cdda148867c53e3d3e8f95f40c2d7f6767c04c
                    • Instruction Fuzzy Hash: 747180702083829BD710DF29D4047DAFBE4BFD5708F14491EE4995B381DBF89988CB6A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2379.MFC42 ref: 00405EC6
                    • GetClientRect.USER32(?,?), ref: 00405EE5
                    • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 00405F27
                    • #2860.MFC42(?), ref: 00405F2A
                    • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00405F41
                    • #3089.MFC42 ref: 00405F5C
                    • #2111.MFC42(50000080,?,?,00000001), ref: 00405F70
                    • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00405F88
                    • #6199.MFC42(?,?,00000001), ref: 00405F90
                    • SendMessageA.USER32(?,00000434,00000000,?), ref: 00405FC2
                    • #6134.MFC42(00000000,000000FF), ref: 00405FCA
                    • #5937.MFC42(0000003C,00000000,000000FF), ref: 00405FD6
                    • #6136.MFC42(0000003C,0000003C,00000000,000000FF), ref: 00405FE2
                    • SendMessageA.USER32(?,00000437,00000000,?), ref: 00405FFA
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#2111#2379#2860#3089#5937#6134#6136#6199ClientRect
                    • String ID: <
                    • API String ID: 3436560166-4251816714
                    • Opcode ID: 76260ef4f4c980bd64890b8db6f37e442ce26d7e797dd22b6a6081dac82b6813
                    • Instruction ID: 4f7a4c61c51c0d73fb973caa7a99a88a72348d495dfce41940b0c6b9babff26f
                    • Opcode Fuzzy Hash: 76260ef4f4c980bd64890b8db6f37e442ce26d7e797dd22b6a6081dac82b6813
                    • Instruction Fuzzy Hash: E941B071204340AFD624DB65CC81FABB7E9EFD8304F008A1EB996973C0DA74E944CB69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #3763.MFC42(?,?), ref: 004087AF
                    • GetParent.USER32(?), ref: 004087CF
                    • #2864.MFC42(00000000), ref: 004087D6
                    • SendMessageA.USER32(?,00000403,00000002,?), ref: 00408802
                    • #3763.MFC42(?,?), ref: 00408836
                    • #540.MFC42(?,?), ref: 0040883F
                    • #3874.MFC42(?), ref: 00408853
                    • GetParent.USER32(?), ref: 00408878
                    • #2864.MFC42(00000000), ref: 0040887F
                    • SendMessageA.USER32(?,00000403,00000003,?), ref: 004088AB
                    • #800.MFC42 ref: 004088BD
                    • #800.MFC42(?), ref: 004088E6
                    • GetParent.USER32(?), ref: 004088FE
                    • #2864.MFC42(00000000), ref: 00408905
                    • SendMessageA.USER32(?,00000403,00000004,?), ref: 00408931
                    • GetParent.USER32(?), ref: 0040895F
                    • #2864.MFC42(00000000), ref: 00408966
                    • SendMessageA.USER32(?,00000403,00000005,?), ref: 00408992
                      • Part of subcall function 00408A20: #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,00000000,00415038,000000FF,004085BC), ref: 00408A41
                      • Part of subcall function 00408A20: #3874.MFC42 ref: 00408A55
                      • Part of subcall function 00408A20: GetParent.USER32(?), ref: 00408AA0
                      • Part of subcall function 00408A20: #2864.MFC42(00000000), ref: 00408AA3
                      • Part of subcall function 00408A20: #3089.MFC42(00000000), ref: 00408AB1
                      • Part of subcall function 00408A20: GetParent.USER32(?), ref: 00408AF6
                      • Part of subcall function 00408A20: #2864.MFC42(00000000), ref: 00408AF9
                      • Part of subcall function 00408A20: GetParent.USER32(?), ref: 00408B04
                      • Part of subcall function 00408A20: #2864.MFC42(00000000), ref: 00408B07
                      • Part of subcall function 00408A20: #3089.MFC42(00000000), ref: 00408B10
                      • Part of subcall function 00408A20: SendMessageA.USER32(?,0000004E,00000000,00000000), ref: 00408B21
                      • Part of subcall function 00408A20: #800.MFC42 ref: 00408B33
                    • #5290.MFC42(?), ref: 00408A04
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$MessageSend$#800$#3089#3763#3874#540$#5290
                    • String ID:
                    • API String ID: 4283597796-0
                    • Opcode ID: 8c76a921ad3c7f60df222a2723d045c6373cfd7d3f74595f270960a7742fac3a
                    • Instruction ID: 9432d74f54c1dc83eef173153f842a4e94e8de4dc5caed951715adfce4dd568e
                    • Opcode Fuzzy Hash: 8c76a921ad3c7f60df222a2723d045c6373cfd7d3f74595f270960a7742fac3a
                    • Instruction Fuzzy Hash: 037195752007019FC714EF19D594AABB7E5FB98710F00892FF19693790DB38E942CB9A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004093B1
                    • #540.MFC42(?,?,?,?,?,004150F1,000000FF), ref: 004093C1
                    • #3286.MFC42(00000000,?,?,?,?,?,004150F1,000000FF), ref: 004093E3
                    • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 004093F7
                    • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 00409406
                    • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 00409413
                    • #823.MFC42(00000008,00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040941A
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00409451
                    • #3286.MFC42(00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040947B
                    • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040948F
                    • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040949E
                    • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 004094AB
                    • #823.MFC42(00000008,00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 004094B2
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 004094EA
                      • Part of subcall function 00409830: #4171.MFC42(00000000,?,00000000,00000000,004094D6,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040984B
                      • Part of subcall function 00409830: #6311.MFC42(00000000,?,00000000,00000000,004094D6,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040987A
                      • Part of subcall function 00409830: atoi.MSVCRT ref: 00409884
                    • #3286.MFC42(00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040950B
                    • #3301.MFC42(?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040951F
                    • #858.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040952E
                    • #800.MFC42(00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 0040953B
                    • #823.MFC42(0000000C,00000000,?,00000000,?,00000000,?,?,?,?,?,004150F1,000000FF), ref: 00409542
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF), ref: 00409578
                    • #800.MFC42(?,?,?,?,?,004150F1,000000FF), ref: 00409592
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #800$#3286#3301#6007#823#858$#4171#540#6311MessageSendatoi
                    • String ID:
                    • API String ID: 3055650909-0
                    • Opcode ID: f375b355526892d3bf612e04c47ee2256314144642ad6a97da6c7439ea3e7f56
                    • Instruction ID: acb1a3879ca4b7e292f7312958a7fb33978d68a362998ec40a389cd520abd24d
                    • Opcode Fuzzy Hash: f375b355526892d3bf612e04c47ee2256314144642ad6a97da6c7439ea3e7f56
                    • Instruction Fuzzy Hash: 0061FC711083406ED301DF66C881D6BBBECABD8748F04492EF5DA53392DA38DD86CB66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFocus.USER32 ref: 0040F68B
                    • #2864.MFC42(00000000), ref: 0040F692
                    • #5981.MFC42(00000000), ref: 0040F69D
                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 0040F6E4
                    • SendMessageA.USER32 ref: 0040F70F
                    • SendMessageA.USER32(?,0000101B,?,00000000), ref: 0040F723
                    • SendMessageA.USER32(?,00001203,?,0000009F), ref: 0040F73F
                    • SendMessageA.USER32(?,00001204,?,00000004), ref: 0040F75E
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F77F
                    • #6907.MFC42(-00000001,00000000,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F790
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F7A8
                    • #6907.MFC42(-00000001,?,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F7BB
                    • SendMessageA.USER32(?,00001019,00000001,00000000), ref: 0040F7F8
                    • SendMessageA.USER32(?,0000101A,00000000,00000000), ref: 0040F80E
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F81D
                    • #6907.MFC42(-00000001,00000000,000000FF,?,00000004,?,0000009F,?,00000000), ref: 0040F82E
                    • SendMessageA.USER32(?,0000101C,00000001,00000000), ref: 0040F846
                    • SendMessageA.USER32(?,0000101A,00000000,00000000), ref: 0040F864
                    • SendMessageA.USER32(?,00001019,00000000,00000000), ref: 0040F876
                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040F882
                    • InvalidateRect.USER32(?,00000000,00000001,?,00000004,?,0000009F,?,00000000), ref: 0040F88C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#6907$#2864#5981FocusInvalidateRect
                    • String ID:
                    • API String ID: 1511350695-0
                    • Opcode ID: cc633797647dc0f27e08eca9206df9363c6c4c61b57217579be2a0bfc06a1b17
                    • Instruction ID: 671c9f53b909acd649cba33f1fe0f12731a9ffdb42f274ef4ebb5cb4abc21101
                    • Opcode Fuzzy Hash: cc633797647dc0f27e08eca9206df9363c6c4c61b57217579be2a0bfc06a1b17
                    • Instruction Fuzzy Hash: 05617D74240744ABE720DB24CC81FABB3A9BF88714F104B2DF695AB6D1D7B4E8458B15
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryA.KERNEL32(?), ref: 10005B5A
                    • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 10005B6E
                    • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10005B78
                    • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 10005B83
                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 10005B8E
                    • LoadLibraryA.KERNEL32(KERNEL32.dll), ref: 10005BE7
                    • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 10005BF3
                    • CloseHandle.KERNEL32(?), ref: 10005C06
                    • FreeLibrary.KERNEL32(00000000), ref: 10005C11
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AddressProc$Library$Load$CloseCurrentFreeHandleProcess
                    • String ID: .dll$.dll$AdjustTokenPrivileges$Adva$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$pi32
                    • API String ID: 3440622277-2981083830
                    • Opcode ID: f6719db7e7b9b365bd37d8f73c563355fb89a837bb4b2caf300c4311f7bdb26c
                    • Instruction ID: d05679920b740f529e548dbe94c6d3ccbe8b4e708e69d5eec8c162c300a9ea97
                    • Opcode Fuzzy Hash: f6719db7e7b9b365bd37d8f73c563355fb89a837bb4b2caf300c4311f7bdb26c
                    • Instruction Fuzzy Hash: 49317075A01218ABDB00DFB8DC89FEEBBB8FF49341F104159F905B7240DB75AA058BA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFocus.USER32 ref: 0040E8C9
                    • #2864.MFC42(00000000), ref: 0040E8D0
                    • #5981.MFC42(00000000), ref: 0040E8DB
                      • Part of subcall function 00402000: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00402014
                      • Part of subcall function 00402000: #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00402049
                      • Part of subcall function 00402000: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 0040206C
                      • Part of subcall function 00402000: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040208A
                    • GetCursorPos.USER32(00000000), ref: 0040E8E5
                    • ScreenToClient.USER32(?,?), ref: 0040E8F4
                    • #3286.MFC42(00000000), ref: 0040E92A
                    • #3293.MFC42(00000000,?,00000000,00000000), ref: 0040E97A
                    • GetClientRect.USER32(?,?), ref: 0040E988
                    • InvalidateRect.USER32(?,?,00000001), ref: 0040E9B1
                    • InvalidateRect.USER32(?,00000000,00000000,00000000,00000000,?,00000000), ref: 0040EA03
                    • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040EA20
                    • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040EA39
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040EA4A
                    • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040EA68
                    • #3293.MFC42(00000000,?,00000000), ref: 0040EA75
                    • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040EA9C
                    • SendMessageA.USER32(?,0000102C,00000000,00000001), ref: 0040EB12
                      • Part of subcall function 0040E200: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040E226
                      • Part of subcall function 0040E200: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040E24B
                      • Part of subcall function 0040E200: #3293.MFC42(?,?,00000000,?,75A91AC0,00000000), ref: 0040E26A
                      • Part of subcall function 0040E200: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040E292
                    • InvalidateRect.USER32(?,?,00000001,00000000,?,?), ref: 0040EADF
                    • InvalidateRect.USER32(?,?,00000001,00000000,?,?), ref: 0040EB04
                      • Part of subcall function 0040DA60: SendMessageA.USER32(?,00001013,?,00000001), ref: 0040DA94
                      • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DAC2
                      • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAEB
                      • Part of subcall function 0040DA60: #3293.MFC42(?,?,00000000,?,75A73EB0,?), ref: 0040DB0D
                      • Part of subcall function 0040DA60: GetClientRect.USER32(?,?), ref: 0040DB37
                      • Part of subcall function 0040DA60: SendMessageA.USER32 ref: 0040DB54
                      • Part of subcall function 0040DA60: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DB72
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$Rect$#3293Invalidate$ClientScroll$Enable$#2864#3286#3998#5981#6007CursorFocusScreenShow
                    • String ID:
                    • API String ID: 1983514702-0
                    • Opcode ID: 4aa8866544918a98a0dc14a92e8c06fef4e53a7ccaa8513487e579f2366f5b2a
                    • Instruction ID: 4cb62c8cbcdbc89643e2477cbb0c137a998defe7e5e017f4f9cdb0261ee066e9
                    • Opcode Fuzzy Hash: 4aa8866544918a98a0dc14a92e8c06fef4e53a7ccaa8513487e579f2366f5b2a
                    • Instruction Fuzzy Hash: 27919271304305ABD614DB65CC81FABB3E9FB88B04F00492EF595972D0D6B9F9068B69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$#3089$#2379MessagePost
                    • String ID:
                    • API String ID: 3939144538-0
                    • Opcode ID: f05ab3562008a426f5986c29c221154ec631a4a0dacca654b934415f81395a76
                    • Instruction ID: 322a5051621e60fae8d6f373e41ee8901c7bcaa31842c11fec6a62990a5db855
                    • Opcode Fuzzy Hash: f05ab3562008a426f5986c29c221154ec631a4a0dacca654b934415f81395a76
                    • Instruction Fuzzy Hash: 09111DB1A003147BC614BBB6CC4DCAB7FADFE993547004A5EB58887251DA3CD9818BA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864#5788Window$#2860#289#537#5875#613#6197#6605#800CaptureEmptyExtentFocusMessagePoint32RectSendTextVisible
                    • String ID:
                    • API String ID: 1052973344-0
                    • Opcode ID: d6c3db9b3b6191fbc0c422a707974bef37ef60f87ce757707592b57bdba8bcd5
                    • Instruction ID: 90a86bc5717eaea7edc7356b807636edcb5d8504f2598925317ad29bc4316e4b
                    • Opcode Fuzzy Hash: d6c3db9b3b6191fbc0c422a707974bef37ef60f87ce757707592b57bdba8bcd5
                    • Instruction Fuzzy Hash: 1D512975204340AFC314DFA9C949BABBBE9FBC8714F004A2DF59583291DB74E845CB16
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00001013,?,00000001), ref: 0040DA94
                      • Part of subcall function 0040EED0: SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040EEEF
                      • Part of subcall function 0040EED0: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040EF1F
                      • Part of subcall function 0040EED0: #3293.MFC42(00000000,?,00000000,75A73EB0,?,?,?,?,?,?,?,?,?,0040DAAD,?), ref: 0040EF37
                      • Part of subcall function 0040EED0: SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040EF54
                      • Part of subcall function 0040EED0: GetClientRect.USER32(?,?), ref: 0040EF63
                      • Part of subcall function 0040EED0: SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040EF84
                      • Part of subcall function 0040F560: #3092.MFC42(00000000,0040AF2D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040F562
                      • Part of subcall function 0040F560: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040F578
                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DAC2
                    • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DAEB
                    • #3293.MFC42(?,?,00000000,?,75A73EB0,?), ref: 0040DB0D
                    • GetClientRect.USER32(?,?), ref: 0040DB37
                    • SendMessageA.USER32 ref: 0040DB54
                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040DB72
                    • #540.MFC42 ref: 0040DB93
                    • #3089.MFC42 ref: 0040DBD4
                    • #3286.MFC42(?,?), ref: 0040DBF4
                    • #823.MFC42(00000014,?,?,?,?,?,?,?,?), ref: 0040DC20
                    • #541.MFC42 ref: 0040DC3A
                    • #800.MFC42(?), ref: 0040DC8E
                    • #823.MFC42(0000016C,?), ref: 0040DCB5
                    • #535.MFC42(00000002,?,?,?,?), ref: 0040DCF6
                    • GetParent.USER32(?), ref: 0040DD43
                    • #2864.MFC42(00000000), ref: 0040DD4A
                    • #800.MFC42 ref: 0040DE0C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$Rect$#3293#800#823Client$#2864#3089#3092#3286#535#540#541Parent
                    • String ID:
                    • API String ID: 2125008405-0
                    • Opcode ID: 9c9dc1df50332e2c5080971466a4a1179c927cd312f122361275c5d9afffaa3f
                    • Instruction ID: 09d338da64715c9e6e1d55d4981f721cd038d7b8840fd28f10bf6eaab0acce10
                    • Opcode Fuzzy Hash: 9c9dc1df50332e2c5080971466a4a1179c927cd312f122361275c5d9afffaa3f
                    • Instruction Fuzzy Hash: 05B18E706083819BD324DF69C845BABBBE5BFC4704F00492EF58997391DB78E849CB5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040CDF6
                    • #3286.MFC42(00000000), ref: 0040CE0B
                    • #3293.MFC42(00000000,?,00000000,00000000), ref: 0040CE52
                    • GetClientRect.USER32(?,00000000), ref: 0040CE60
                    • InvalidateRect.USER32(?,?,00000001), ref: 0040CE89
                    • InvalidateRect.USER32(?,?,00000000,00000000,00000000,?,00000000), ref: 0040CED6
                    • ShowScrollBar.USER32(?,00000003,00000001), ref: 0040CEEF
                    • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040CF08
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CF19
                    • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040CF37
                    • #3293.MFC42(00000000,?,00000000), ref: 0040CF44
                    • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040CF6B
                      • Part of subcall function 004020A0: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 004020BD
                      • Part of subcall function 004020A0: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004020CC
                      • Part of subcall function 004020A0: #3286.MFC42(?), ref: 004020DA
                      • Part of subcall function 004020A0: SendMessageA.USER32(?,00001008,?,00000000), ref: 00402111
                      • Part of subcall function 004020A0: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00402122
                    • #3089.MFC42 ref: 0040D058
                    • GetParent.USER32(?), ref: 0040D074
                    • #2864.MFC42(00000000), ref: 0040D07B
                    • SendMessageA.USER32(?,0000004E,?,?), ref: 0040D090
                    • #5290.MFC42(?), ref: 0040D0A4
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$RectScroll$#3286#3293EnableInvalidate$#2864#3089#5290ClientParentShow
                    • String ID:
                    • API String ID: 3965518664-0
                    • Opcode ID: 0847be8d228887e0225f6d030a48376d61375a3a76984ff60a88eb089bee2698
                    • Instruction ID: ac648d9285a5b68e9f96b226b63b66c91a26949667cb12823cc208f0d092e9f4
                    • Opcode Fuzzy Hash: 0847be8d228887e0225f6d030a48376d61375a3a76984ff60a88eb089bee2698
                    • Instruction Fuzzy Hash: 5491D471300700ABD724DB69CC81FABB3E9FB88714F00492EFA99972C1D679F9468759
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #540.MFC42(?,?,?,?,?,?,?,?,?,00414D68,000000FF), ref: 00406B9A
                    • #536.MFC42(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00414D68), ref: 00406BBD
                    • #535.MFC42(00000084,?,00000001), ref: 00406BF5
                    • #4129.MFC42(?,00000001,00000084,?,00000001), ref: 00406C4A
                    • #800.MFC42(?,00000001,00000084,?,00000001), ref: 00406C8B
                    • #800.MFC42(00000084,?,00000001), ref: 00406CA1
                    • #535.MFC42(00000084,?,00000001), ref: 00406CDC
                    • #535.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406D2B
                    • #4129.MFC42(?,00000001,00000084,?,00000001), ref: 00406D5A
                    • #800.MFC42(?,00000001,00000084,?,00000001), ref: 00406D9B
                    • #800.MFC42(00000084,?,00000001), ref: 00406DAD
                    • #800.MFC42(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00414D68), ref: 00406DC7
                    • #535.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00414D68,000000FF), ref: 00406DD7
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00414D68,000000FF), ref: 00406DED
                    • #535.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406E17
                    • #800.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406E2D
                    • #800.MFC42(?,?,00000001,00000084,?,00000001), ref: 00406E3B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #800$#535$#4129$#536#540
                    • String ID:
                    • API String ID: 2959236569-0
                    • Opcode ID: 11fcda6f89dd512a4e4b5b24f53c80da10001ac32d69c209abd316918dd84efa
                    • Instruction ID: 244d9658312c9fe3e01fe65112710b3d2be332992993d0e48a3e631b848db9b0
                    • Opcode Fuzzy Hash: 11fcda6f89dd512a4e4b5b24f53c80da10001ac32d69c209abd316918dd84efa
                    • Instruction Fuzzy Hash: A781D1312082859FD710CF28C490BAB7BE5AFAA358F09096DF8C6973D1D739D948C785
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ResetEvent.KERNEL32(?), ref: 100036BC
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 100036C8
                    • timeGetTime.WINMM ref: 100036CE
                    • socket.WS2_32(00000002,00000001,00000006), ref: 100036FB
                    • gethostbyname.WS2_32(?), ref: 1000371F
                    • htons.WS2_32(?), ref: 10003738
                    • connect.WS2_32(?,?,00000010), ref: 10003756
                    • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10003782
                    • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 1000379F
                    • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 100037BC
                    • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 100037D6
                    • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 1000380A
                    • InterlockedExchange.KERNEL32(?,00000001), ref: 10003813
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: setsockopt$ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
                    • String ID: 0u
                    • API String ID: 777360719-3203441087
                    • Opcode ID: b170d6e90c916d3ee9fada147adae0c9d552af2c7065ac622f97a1414975742f
                    • Instruction ID: 5ac4d1d520d1562c9a1e4cb37ee3d5268df0c4750581d13a7029842686159b39
                    • Opcode Fuzzy Hash: b170d6e90c916d3ee9fada147adae0c9d552af2c7065ac622f97a1414975742f
                    • Instruction Fuzzy Hash: BD5140B1540705ABE720DFA4CC85FAAB7F8FF48710F104619F64AAB6D0D7B0A9458B64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00411810: #384.MFC42 ref: 00411849
                      • Part of subcall function 00411810: #384.MFC42 ref: 00411859
                      • Part of subcall function 00411810: GetSysColor.USER32(00000007), ref: 00411874
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000E), ref: 0041187B
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000F), ref: 00411882
                      • Part of subcall function 00411810: GetSysColor.USER32(00000004), ref: 00411889
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000D), ref: 00411890
                      • Part of subcall function 00411810: GetSysColor.USER32(00000014), ref: 00411897
                      • Part of subcall function 00411810: GetSysColor.USER32(00000010), ref: 0041189E
                      • Part of subcall function 00411810: GetSysColor.USER32(00000011), ref: 004118A5
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000F), ref: 004118AC
                      • Part of subcall function 00411810: GetSysColor.USER32(00000014), ref: 004118B3
                      • Part of subcall function 00411810: GetSysColor.USER32(00000010), ref: 004118BA
                      • Part of subcall function 00411810: SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 004118F9
                      • Part of subcall function 00411810: CreateFontIndirectA.GDI32(?), ref: 00411907
                    • CreatePopupMenu.USER32 ref: 004079BE
                    • #1644.MFC42(00000000), ref: 004079C9
                    • AppendMenuA.USER32(?,00000000,0000E12B,&Annulla), ref: 004079E5
                    • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 004079F5
                    • AppendMenuA.USER32(?,00000000,0000E123,&Taglia), ref: 00407A08
                    • AppendMenuA.USER32(?,00000000,0000E122,&Copia), ref: 00407A1B
                    • AppendMenuA.USER32(?,00000000,0000E125,&Incolla), ref: 00407A2E
                    • GetMessagePos.USER32 ref: 00407A30
                      • Part of subcall function 00412380: #1146.MFC42(?,000000F1,?,75AE3E40), ref: 004123AE
                      • Part of subcall function 00412560: GetMenuItemCount.USER32(?), ref: 00412593
                      • Part of subcall function 00412560: GetMenuItemID.USER32(?,-00000001), ref: 004125AB
                      • Part of subcall function 00412560: GetSubMenu.USER32(?,-00000001), ref: 004125C5
                      • Part of subcall function 00412560: #2863.MFC42(00000000,?,?,?,75AE3E40), ref: 004125CC
                      • Part of subcall function 00412560: #540.MFC42(00000000,?,?,?,75AE3E40), ref: 004125F0
                      • Part of subcall function 00412560: GetMenuStringA.USER32 ref: 00412611
                      • Part of subcall function 00412560: #2919.MFC42(00000002), ref: 00412620
                      • Part of subcall function 00412560: GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412631
                      • Part of subcall function 00412560: #5572.MFC42(000000FF), ref: 00412639
                      • Part of subcall function 004128D0: GetMenuItemCount.USER32(?), ref: 004128E1
                      • Part of subcall function 004128D0: #291.MFC42 ref: 004128ED
                      • Part of subcall function 004128D0: GetMenuItemID.USER32(?,-00000001), ref: 00412915
                      • Part of subcall function 004128D0: GetSubMenu.USER32(?,-00000001), ref: 00412921
                      • Part of subcall function 004128D0: #2863.MFC42(00000000), ref: 00412928
                    • #6270.MFC42(00000002,75AE3E40,?,?,00000000,?,?,?,00000081), ref: 00407A75
                    • #2438.MFC42(00000002,75AE3E40,?,?,00000000,?,?,?,00000081), ref: 00407A7E
                      • Part of subcall function 00411960: #825.MFC42(?,?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?), ref: 004119AB
                      • Part of subcall function 00411960: GlobalFree.KERNEL32(?), ref: 004119BF
                      • Part of subcall function 00411960: GlobalFree.KERNEL32(?), ref: 004119CC
                      • Part of subcall function 00411960: DeleteObject.GDI32(?), ref: 004119DC
                      • Part of subcall function 00411960: DeleteObject.GDI32(?), ref: 004119E6
                      • Part of subcall function 00411960: #686.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 004119F0
                      • Part of subcall function 00411960: #686.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 004119FD
                      • Part of subcall function 00411960: #2438.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 00411A12
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Menu$Color$Append$Item$#2438#2863#384#686CountCreateDeleteFreeGlobalObjectString$#1146#1644#291#2919#540#5572#6270#825FontIndirectInfoMessageParametersPopupSystem
                    • String ID: &Annulla$&Copia$&Incolla$&Taglia
                    • API String ID: 1545793310-1349790597
                    • Opcode ID: ed394e64684a9b1383334efc2c6780e8103a3d110570b2e57574e80847bfba01
                    • Instruction ID: 40815f23326d3d1dfcce6d4be381c388c8cfaa4558568e76b29ba54fcd7f94b4
                    • Opcode Fuzzy Hash: ed394e64684a9b1383334efc2c6780e8103a3d110570b2e57574e80847bfba01
                    • Instruction Fuzzy Hash: 8C218671644380BBD310EB25CC56FAF77A8FB88B14F108E1EB261671D0DBB8A544CB5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00411810: #384.MFC42 ref: 00411849
                      • Part of subcall function 00411810: #384.MFC42 ref: 00411859
                      • Part of subcall function 00411810: GetSysColor.USER32(00000007), ref: 00411874
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000E), ref: 0041187B
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000F), ref: 00411882
                      • Part of subcall function 00411810: GetSysColor.USER32(00000004), ref: 00411889
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000D), ref: 00411890
                      • Part of subcall function 00411810: GetSysColor.USER32(00000014), ref: 00411897
                      • Part of subcall function 00411810: GetSysColor.USER32(00000010), ref: 0041189E
                      • Part of subcall function 00411810: GetSysColor.USER32(00000011), ref: 004118A5
                      • Part of subcall function 00411810: GetSysColor.USER32(0000000F), ref: 004118AC
                      • Part of subcall function 00411810: GetSysColor.USER32(00000014), ref: 004118B3
                      • Part of subcall function 00411810: GetSysColor.USER32(00000010), ref: 004118BA
                      • Part of subcall function 00411810: SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 004118F9
                      • Part of subcall function 00411810: CreateFontIndirectA.GDI32(?), ref: 00411907
                    • CreatePopupMenu.USER32 ref: 00408C4E
                    • #1644.MFC42(00000000), ref: 00408C59
                    • AppendMenuA.USER32(?,00000000,0000E12B,&Annulla), ref: 00408C75
                    • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00408C85
                    • AppendMenuA.USER32(?,00000000,0000E123,&Taglia), ref: 00408C98
                    • AppendMenuA.USER32(?,00000000,0000E122,&Copia), ref: 00408CAB
                    • AppendMenuA.USER32(?,00000000,0000E125,&Incolla), ref: 00408CBE
                    • GetMessagePos.USER32 ref: 00408CC0
                      • Part of subcall function 00412380: #1146.MFC42(?,000000F1,?,75AE3E40), ref: 004123AE
                      • Part of subcall function 00412560: GetMenuItemCount.USER32(?), ref: 00412593
                      • Part of subcall function 00412560: GetMenuItemID.USER32(?,-00000001), ref: 004125AB
                      • Part of subcall function 00412560: GetSubMenu.USER32(?,-00000001), ref: 004125C5
                      • Part of subcall function 00412560: #2863.MFC42(00000000,?,?,?,75AE3E40), ref: 004125CC
                      • Part of subcall function 00412560: #540.MFC42(00000000,?,?,?,75AE3E40), ref: 004125F0
                      • Part of subcall function 00412560: GetMenuStringA.USER32 ref: 00412611
                      • Part of subcall function 00412560: #2919.MFC42(00000002), ref: 00412620
                      • Part of subcall function 00412560: GetMenuStringA.USER32(?,-00000001,00000000,00000002,00000400), ref: 00412631
                      • Part of subcall function 00412560: #5572.MFC42(000000FF), ref: 00412639
                      • Part of subcall function 004128D0: GetMenuItemCount.USER32(?), ref: 004128E1
                      • Part of subcall function 004128D0: #291.MFC42 ref: 004128ED
                      • Part of subcall function 004128D0: GetMenuItemID.USER32(?,-00000001), ref: 00412915
                      • Part of subcall function 004128D0: GetSubMenu.USER32(?,-00000001), ref: 00412921
                      • Part of subcall function 004128D0: #2863.MFC42(00000000), ref: 00412928
                    • #6270.MFC42(00000002,75AE3E40,?,?,00000000,?,?,?,00000081), ref: 00408D05
                    • #2438.MFC42(00000002,75AE3E40,?,?,00000000,?,?,?,00000081), ref: 00408D0E
                      • Part of subcall function 00411960: #825.MFC42(?,?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?), ref: 004119AB
                      • Part of subcall function 00411960: GlobalFree.KERNEL32(?), ref: 004119BF
                      • Part of subcall function 00411960: GlobalFree.KERNEL32(?), ref: 004119CC
                      • Part of subcall function 00411960: DeleteObject.GDI32(?), ref: 004119DC
                      • Part of subcall function 00411960: DeleteObject.GDI32(?), ref: 004119E6
                      • Part of subcall function 00411960: #686.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 004119F0
                      • Part of subcall function 00411960: #686.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 004119FD
                      • Part of subcall function 00411960: #2438.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 00411A12
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: Menu$Color$Append$Item$#2438#2863#384#686CountCreateDeleteFreeGlobalObjectString$#1146#1644#291#2919#540#5572#6270#825FontIndirectInfoMessageParametersPopupSystem
                    • String ID: &Annulla$&Copia$&Incolla$&Taglia
                    • API String ID: 1545793310-1349790597
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: #6215CaptureMessageRelease$#2864ClientPostScreen$#5290FocusFromPointSendWindow
                    • String ID:
                    • API String ID: 3881921562-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: #2864Parent$#3089$#3874#540#800#858#860MessageSendWindow
                    • String ID:
                    • API String ID: 1997798510-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 004033C4
                    • #823.MFC42 ref: 004033D8
                    • SendMessageA.USER32(?,00000191,00000000,00000000), ref: 004033F4
                    • qsort.MSVCRT ref: 00403408
                    • #540.MFC42 ref: 00403424
                    • #3803.MFC42 ref: 0040343A
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040344E
                    • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 00403463
                    • SendMessageA.USER32(?,00000180,00000000,?), ref: 00403478
                    • SendMessageA.USER32(?,0000019A,00000000,?), ref: 0040348C
                    • #800.MFC42 ref: 0040349A
                    • #3092.MFC42(00000001), ref: 004034B9
                    • #4123.MFC42(00000001), ref: 004034C0
                    • #3092.MFC42(00000001,00000001,00000001), ref: 004034CF
                    • #2642.MFC42(00000001,00000001,00000001), ref: 004034D6
                    • #825.MFC42(00000000), ref: 004034E7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: MessageSend$#3092$#2642#3803#4123#540#800#823#825qsort
                    • String ID:
                    • API String ID: 203305839-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403544
                    • #823.MFC42 ref: 00403558
                    • SendMessageA.USER32(?,00000191,00000000,00000000), ref: 00403574
                    • qsort.MSVCRT ref: 00403588
                    • #540.MFC42 ref: 004035A4
                    • #3803.MFC42 ref: 004035BD
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004035D1
                    • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 004035E6
                    • SendMessageA.USER32(?,00000180,00000000,?), ref: 004035FB
                    • SendMessageA.USER32(?,0000019A,00000000,?), ref: 0040360F
                    • #800.MFC42 ref: 0040361D
                    • #3092.MFC42(00000001), ref: 0040363C
                    • #4123.MFC42(00000001), ref: 00403643
                    • #3092.MFC42(00000001,00000001,00000001), ref: 00403652
                    • #2642.MFC42(00000001,00000001,00000001), ref: 00403659
                    • #825.MFC42(00000000), ref: 0040366A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: MessageSend$#3092$#2642#3803#4123#540#800#823#825qsort
                    • String ID:
                    • API String ID: 203305839-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memset.LIBCMT ref: 10010239
                    • _memset.LIBCMT ref: 1001024C
                    • RegOpenKeyExA.ADVAPI32(1000E1E3,00000000,00000000,00020019,00000000,?,?,FCCBADC3,1000E1E3,?,00000000), ref: 10010271
                      • Part of subcall function 10010441: RegCloseKey.ADVAPI32(1000E1E3,1001041F,?,?,FCCBADC3,1000E1E3,?,00000000), ref: 1001044E
                      • Part of subcall function 10010441: RegCloseKey.ADVAPI32(00000000,?,?,FCCBADC3,1000E1E3,?,00000000), ref: 10010457
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Close_memset$Open
                    • String ID: %08X
                    • API String ID: 4292648718-3773563069
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFocus.USER32 ref: 0040F278
                    • #2864.MFC42(00000000), ref: 0040F27F
                    • #5981.MFC42(00000000), ref: 0040F28A
                      • Part of subcall function 00402000: SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00402014
                      • Part of subcall function 00402000: #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00402049
                      • Part of subcall function 00402000: #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 0040206C
                      • Part of subcall function 00402000: SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040208A
                    • #3286.MFC42(00000000,00000000), ref: 0040F2BC
                    • #3293.MFC42(00000000,?,00000000,?,00000000,00000000), ref: 0040F310
                    • GetClientRect.USER32(?,00000000), ref: 0040F31E
                    • InvalidateRect.USER32(?,?,00000001,?,00000000,00000000), ref: 0040F347
                    • InvalidateRect.USER32(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040F394
                    • ShowScrollBar.USER32(?,00000003,00000001,00000000,00000000), ref: 0040F3AE
                    • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040F3C7
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040F3D8
                    • EnableScrollBar.USER32(?,00000001,00000000), ref: 0040F3F6
                    • #3293.MFC42(00000000,?,00000000), ref: 0040F403
                    • EnableScrollBar.USER32(?,00000000,-00000001), ref: 0040F42A
                    • #2379.MFC42(00000000), ref: 0040F437
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: MessageSend$RectScroll$#3293EnableInvalidate$#2379#2864#3286#3998#5981#6007ClientFocusShow
                    • String ID:
                    • API String ID: 1735829022-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFocus.USER32 ref: 00410268
                    • #2864.MFC42(00000000), ref: 0041026F
                    • #5981.MFC42(00000000), ref: 0041027A
                    • GetParent.USER32(?), ref: 004102A0
                    • #2864.MFC42(00000000), ref: 004102A7
                    • SendMessageA.USER32(?,00001019,00000000,?), ref: 00410307
                    • SendMessageA.USER32(?,?,?,0000101A), ref: 00410331
                    • #3092.MFC42 ref: 00410358
                    • SendMessageA.USER32(?,00001203,00000000,?), ref: 00410375
                    • SendMessageA.USER32(?,00001204,00000000,?), ref: 0041039E
                    • GetWindowRect.USER32(?,?), ref: 004103CF
                    • SendMessageA.USER32(?,00000047,00000000,?), ref: 0041040A
                    • GetFocus.USER32 ref: 0041040C
                    • #2864.MFC42(00000000), ref: 00410413
                    • #5981.MFC42(00000000), ref: 0041041E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: MessageSend$#2864$#5981Focus$#3092ParentRectWindow
                    • String ID:
                    • API String ID: 3834894444-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 004036C1
                    • #3092.MFC42(00000000,?,?,?,?,?,004149B8,000000FF), ref: 004036CF
                    • #4123.MFC42(00000000,?,?,?,?,?,004149B8,000000FF), ref: 004036D6
                    • #3092.MFC42(00000001,00000001,00000000,?,?,?,?,?,004149B8,000000FF), ref: 004036E5
                    • #2642.MFC42(00000001,00000001,00000000,?,?,?,?,?,004149B8,000000FF), ref: 004036EC
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403701
                    • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 0040371D
                    • #540.MFC42(?,?,?,?,?,?,004149B8,000000FF), ref: 0040372D
                    • #3803.MFC42(00000000,?,?,?,?,?,?,?,004149B8,000000FF), ref: 00403746
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040375A
                    • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 0040376D
                    • SendMessageA.USER32(?,00000181,00000001,?), ref: 00403782
                    • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403794
                    • SendMessageA.USER32(?,00000185,00000001,00000000), ref: 004037A5
                    • #800.MFC42(?,?,?,?,?,?,004149B8,000000FF), ref: 004037BA
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: MessageSend$#3092$#2642#3803#4123#540#800
                    • String ID:
                    • API String ID: 4043816869-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #384.MFC42 ref: 00411849
                    • #384.MFC42 ref: 00411859
                    • GetSysColor.USER32(00000007), ref: 00411874
                    • GetSysColor.USER32(0000000E), ref: 0041187B
                    • GetSysColor.USER32(0000000F), ref: 00411882
                    • GetSysColor.USER32(00000004), ref: 00411889
                    • GetSysColor.USER32(0000000D), ref: 00411890
                    • GetSysColor.USER32(00000014), ref: 00411897
                    • GetSysColor.USER32(00000010), ref: 0041189E
                    • GetSysColor.USER32(00000011), ref: 004118A5
                    • GetSysColor.USER32(0000000F), ref: 004118AC
                    • GetSysColor.USER32(00000014), ref: 004118B3
                    • GetSysColor.USER32(00000010), ref: 004118BA
                    • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 004118F9
                    • CreateFontIndirectA.GDI32(?), ref: 00411907
                      • Part of subcall function 00412330: DeleteObject.GDI32(?), ref: 0041233E
                      • Part of subcall function 00412330: GetObjectA.GDI32(?,0000003C,?), ref: 00412356
                      • Part of subcall function 00412330: CreateFontIndirectA.GDI32(?), ref: 00412369
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: Color$#384CreateFontIndirectObject$DeleteInfoParametersSystem
                    • String ID:
                    • API String ID: 3440023120-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetParent.USER32(?), ref: 004067D0
                    • #2864.MFC42(00000000,?,?,?,?,?,?,00414D68,000000FF), ref: 004067D7
                    • WindowFromPoint.USER32(?,?,00000000,?,?,?,?,?,?,00414D68,000000FF), ref: 004067F9
                    • #2864.MFC42(00000000,?,?,?,?,?,?,00414D68,000000FF), ref: 00406800
                    • IsChild.USER32(?,?), ref: 00406813
                    • #5290.MFC42(?,00000000,?,?,?,?,?,?,00414D68,000000FF), ref: 00406851
                    • #5981.MFC42(00000000,00000000,?,?,?,?,?,?,00414D68,000000FF), ref: 00406892
                    • #5981.MFC42 ref: 004068AA
                    • GetKeyState.USER32(00000010), ref: 004068BB
                      • Part of subcall function 00407310: GetParent.USER32(?), ref: 0040731B
                      • Part of subcall function 00407310: #2864.MFC42(00000000), ref: 00407322
                      • Part of subcall function 00407310: SendMessageA.USER32(?,00000403,00000001,?), ref: 00407357
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    Similarity
                    • API ID: #2864$#5981Parent$#5290ChildFromMessagePointSendStateWindow
                    • String ID:
                    • API String ID: 3514343147-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 004048AD
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004048C8
                    • #3092.MFC42(000003F8), ref: 004048D5
                    • #4123.MFC42(000003F8), ref: 004048DC
                    • #6334.MFC42(00000001,000003F8), ref: 004048ED
                    • #825.MFC42(?,00000001,000003F8), ref: 00404952
                    • #823.MFC42(?,00000001,000003F8), ref: 00404965
                    • #825.MFC42(?,00000001,000003F8), ref: 00404993
                    • #823.MFC42(?,00000001,000003F8), ref: 004049A6
                    • lstrcpyA.KERNEL32(?,?), ref: 004049CA
                    • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 004049DF
                    • SendMessageA.USER32(?,00000181,00000000,?), ref: 004049F5
                    • SendMessageA.USER32(?,0000019A,00000000,?), ref: 00404A0B
                    • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 00404A1C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#823#825$#3092#4123#6334lstrcpy
                    • String ID:
                    • API String ID: 2566407596-0
                    • Opcode ID: ef11f89cc4b863f81e9ac4f6cb6b91fcfecb7234e8015d7646eb2fc452eafd8b
                    • Instruction ID: b5d551defbf80556cf573f7b3e5f14363e458e4b67514e127935fc8051896f6e
                    • Opcode Fuzzy Hash: ef11f89cc4b863f81e9ac4f6cb6b91fcfecb7234e8015d7646eb2fc452eafd8b
                    • Instruction Fuzzy Hash: E0418FB57007456BD220CB35CC91FA7B3A9AB84704F148A29F69A9B381DA35FC46C798
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403811
                    • #3092.MFC42(00000000,?,?,?,?,?,004149D8,000000FF), ref: 0040381F
                    • #4123.MFC42(00000000,?,?,?,?,?,004149D8,000000FF), ref: 00403826
                    • #3092.MFC42(00000001,00000001,00000000,?,?,?,?,?,004149D8,000000FF), ref: 00403835
                    • #2642.MFC42(00000001,00000001,00000000,?,?,?,?,?,004149D8,000000FF), ref: 0040383C
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00403851
                    • #540.MFC42(?,?,?,?,?,?,004149D8,000000FF), ref: 00403862
                    • #3803.MFC42(00000000,?,?,?,?,?,?,?,004149D8,000000FF), ref: 0040387B
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040388F
                    • SendMessageA.USER32(?,00000182,00000000,00000000), ref: 004038A2
                    • SendMessageA.USER32(?,00000181,-00000001,?), ref: 004038B7
                    • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 004038C9
                    • SendMessageA.USER32(?,00000185,00000001,00000000), ref: 004038DA
                    • #800.MFC42(?,?,?,?,?,?,004149D8,000000FF), ref: 004038EF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3092$#2642#3803#4123#540#800
                    • String ID:
                    • API String ID: 4043816869-0
                    • Opcode ID: 1dd89793a408c75427b0f40208250459b6aa22dad8165642fd985f446d014993
                    • Instruction ID: 79e4e5f7492e236eebe579ec2ee851ff8a2ca0b2f404aa9d778eccce3e65c813
                    • Opcode Fuzzy Hash: 1dd89793a408c75427b0f40208250459b6aa22dad8165642fd985f446d014993
                    • Instruction Fuzzy Hash: F731A7713407407BE624EB668C96F9BB6EDFBC4B11F404A1DF255972C0DAB8E9018729
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Rect$#2864Parent$Invalidate$#2379#825CaptureEmptyReleaseUpdateWindow
                    • String ID:
                    • API String ID: 3105689944-0
                    • Opcode ID: d163e31feb50dc7a5399313e39875b085d87dfa89e3ae29e6feed5662b23c897
                    • Instruction ID: 31a7480ed4831eda46937653b1d1bbff7dff72c87ae2d502334c954aa2367c00
                    • Opcode Fuzzy Hash: d163e31feb50dc7a5399313e39875b085d87dfa89e3ae29e6feed5662b23c897
                    • Instruction Fuzzy Hash: 08314975210B00AFD6209B61DC84FA7B7A9FB89704F11892EF58297781D679E8418F18
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #470.MFC42 ref: 004080E2
                    • SendMessageA.USER32 ref: 004080FC
                    • #2860.MFC42(00000000), ref: 00408103
                    • #5788.MFC42(00000000,00000000), ref: 0040810D
                    • GetClientRect.USER32(?,?), ref: 0040811D
                    • GetSysColor.USER32(00000005), ref: 00408125
                    • #2754.MFC42(00000000,00000000), ref: 00408135
                    • #5875.MFC42(00000001,00000000,00000000), ref: 00408140
                    • #540.MFC42(00000001,00000000,00000000), ref: 0040814B
                    • #3874.MFC42(?,00000001,00000000,00000000), ref: 0040815C
                    • #5875.MFC42(00000000), ref: 0040817E
                    • #5788.MFC42(00000000,00000000), ref: 00408188
                    • #800.MFC42(00000000,00000000), ref: 00408196
                    • #755.MFC42(00000000,00000000), ref: 004081A7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #5788#5875$#2754#2860#3874#470#540#755#800ClientColorMessageRectSend
                    • String ID:
                    • API String ID: 883975206-0
                    • Opcode ID: f438789e8d130af4d060666811fee18db040394c90e17e285003bd4e0d88666f
                    • Instruction ID: 260953d53c0ebbf3d70606962b30e6f100f808da3c87b6abd55cd76b959b2cfb
                    • Opcode Fuzzy Hash: f438789e8d130af4d060666811fee18db040394c90e17e285003bd4e0d88666f
                    • Instruction Fuzzy Hash: 96214F72104740AFC214EB61CC5AFDBB7E8FB98B14F004A1DF5A6931D1DB78AA44CB66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$#3089$#2379MessageSend
                    • String ID:
                    • API String ID: 389268762-0
                    • Opcode ID: d7909cd43041fec4f5fb453a3a0d607cd9a6ba3675ebc5964b2c43a3571c509e
                    • Instruction ID: d21d4768f0957b5434878c84e6b7fba95c26ba4f51871ed04b64ffc5f917c6b3
                    • Opcode Fuzzy Hash: d7909cd43041fec4f5fb453a3a0d607cd9a6ba3675ebc5964b2c43a3571c509e
                    • Instruction Fuzzy Hash: B91154B1600300ABC714FBB29C49DAB77A9FFD83547014A2EB59587251DA3CE941CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$#3089$#2379MessagePost
                    • String ID:
                    • API String ID: 3939144538-0
                    • Opcode ID: fb64878a9e741eee384ed685a7bf5625e9803f1984ff3a3c02ba0482dc03c8ea
                    • Instruction ID: 726982d3b1b0d2f924f8aaa5f778ded7474c566ae585377aa6871cecf2a0406a
                    • Opcode Fuzzy Hash: fb64878a9e741eee384ed685a7bf5625e9803f1984ff3a3c02ba0482dc03c8ea
                    • Instruction Fuzzy Hash: F70152B15003047BC610FBB69C49CAB7BA9FFD83547014E2EF58587251EA3CE881CBA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00001032,00000000,00000000), ref: 0040EC43
                    • #540.MFC42 ref: 0040EC52
                    • #3089.MFC42 ref: 0040EC8E
                      • Part of subcall function 00410570: SendMessageA.USER32 ref: 004105B6
                      • Part of subcall function 00410570: #6907.MFC42(00000000,?,000000FF,00000000), ref: 004105C9
                      • Part of subcall function 00410570: SendMessageA.USER32(?,0000100D,00000000,00418228), ref: 004105DD
                    • SendMessageA.USER32(?,0000100C,000000FF,00000002), ref: 0040ECA8
                    • #3286.MFC42(00000000,?), ref: 0040ECCA
                    • #860.MFC42(?,00000000,?), ref: 0040ECDB
                    • SendMessageA.USER32(?,0000100C,00000000,00000002), ref: 0040ED2D
                    • #5981.MFC42 ref: 0040ED3F
                    • #540.MFC42 ref: 0040ED6D
                    • #3089.MFC42 ref: 0040EDAE
                    • #3286.MFC42(?,?), ref: 0040EDD7
                    • #860.MFC42(?,?,?), ref: 0040EDE8
                    • #800.MFC42(?,?,?,?,?,?,?), ref: 0040EE41
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3089#3286#540#860$#5981#6907#800
                    • String ID:
                    • API String ID: 521315000-0
                    • Opcode ID: f6cad8b3307baf5d87289b6a3b8bd0b217905ee4227d1d2a132d603b1d9a3fdb
                    • Instruction ID: e5ea12bdf02884bc584f6cb5a1d62101b331c51d5ce742fac030f60930c30983
                    • Opcode Fuzzy Hash: f6cad8b3307baf5d87289b6a3b8bd0b217905ee4227d1d2a132d603b1d9a3fdb
                    • Instruction Fuzzy Hash: FF615BB06087449FC724DF26C880A6BBBE5BBC8714F104E1EF59597391CB78E845CB5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00407ECA
                    • #540.MFC42(?,?,?,?,00414F58,000000FF), ref: 00407EDA
                    • #3803.MFC42(00000000,?,?,?,?,?,00414F58,000000FF), ref: 00407EEF
                    • #4171.MFC42(00000000,?,?,?,?,?,00414F58,000000FF), ref: 00407EF8
                    • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00407F0B
                    • #6311.MFC42(?,?,?,?,00414F58,000000FF), ref: 00407F11
                    • #800.MFC42(?,?,?,?,00414F58,000000FF), ref: 00407F22
                    • #4171.MFC42(?,?,?,?,00414F58,000000FF), ref: 00407F53
                    • SendMessageA.USER32(?,00000402,?,00000000), ref: 00407F69
                    • #6311.MFC42(?,?,?,?,00414F58,000000FF), ref: 00407F71
                    • #5981.MFC42(?,?,?,?,00414F58,000000FF), ref: 00407E9A
                      • Part of subcall function 00406760: GetClientRect.USER32(?,?), ref: 0040676F
                      • Part of subcall function 00406760: InvalidateRect.USER32(?,?,00000001,?,?,00000000,?,00000000), ref: 004067A3
                    • #5981.MFC42(?,?,?,?,00414F58,000000FF), ref: 00407F9E
                    • #5290.MFC42(?,?,?,?,?,00414F58,000000FF), ref: 00407FCE
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#4171#5981#6311Rect$#3803#5290#540#800ClientInvalidate
                    • String ID:
                    • API String ID: 2697405086-0
                    • Opcode ID: 7b2daca76295f7ede629916157dc375084794f6c56f9f6f0a3e8d364a3b27057
                    • Instruction ID: a0f56657da57533cb388812e068240b2a7d9fe9d4aa8de578e5e206b474b8e53
                    • Opcode Fuzzy Hash: 7b2daca76295f7ede629916157dc375084794f6c56f9f6f0a3e8d364a3b27057
                    • Instruction Fuzzy Hash: A4417D752047019FC314EB15D891FAAB3A5FBC8B14F00492EFA56877C1CB39E845CB6A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2379.MFC42(?,?,?,?,?,00414F38,000000FF), ref: 00407D5B
                    • IsWindow.USER32(?), ref: 00407D75
                    • #5981.MFC42(?,?,?,?,?,00414F38,000000FF), ref: 00407D86
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00407DAE
                    • #540.MFC42(?,?,?,?,?,00414F38,000000FF), ref: 00407DBE
                    • #3803.MFC42(00000000,?,?,?,?,?,?,00414F38,000000FF), ref: 00407DD3
                    • #4171.MFC42(00000000,?,?,?,?,?,?,00414F38,000000FF), ref: 00407DDC
                    • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 00407DEF
                    • #6311.MFC42(?,?,?,?,?,00414F38,000000FF), ref: 00407DF5
                    • #800.MFC42(?,?,?,?,?,00414F38,000000FF), ref: 00407E06
                    • #4171.MFC42(?,?,?,?,?,00414F38,000000FF), ref: 00407E19
                    • SendMessageA.USER32(?,00000402,?,00000000), ref: 00407E2F
                    • #6311.MFC42(?,?,?,?,?,00414F38,000000FF), ref: 00407E37
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#4171#6311$#2379#3803#540#5981#800Window
                    • String ID:
                    • API String ID: 1959545760-0
                    • Opcode ID: 70bcb77f4d1847518021037c0a264cb67db12ebcdd075770dc9bc482f5e58c91
                    • Instruction ID: 159761912fbe06956d3b0f4fc0232f96f2af9d2e0a9b7a8626951a55b7806a57
                    • Opcode Fuzzy Hash: 70bcb77f4d1847518021037c0a264cb67db12ebcdd075770dc9bc482f5e58c91
                    • Instruction Fuzzy Hash: B0317E71604600ABC324DB65CC45F6BB3A8FF88714F104A6EF256976D0DB39EC41C7A9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2379.MFC42 ref: 00408646
                    • GetParent.USER32(?), ref: 0040865E
                    • #2864.MFC42(00000000), ref: 00408665
                    • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 0040867A
                    • #2860.MFC42(00000000), ref: 0040867D
                    • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00408692
                    • #6199.MFC42(?), ref: 0040869A
                    • #5981.MFC42(?), ref: 004086A1
                    • #6134.MFC42(00000000,000000FF,?), ref: 004086AC
                    • GetCursorPos.USER32(?), ref: 004086BD
                    • ScreenToClient.USER32(?,?), ref: 004086CC
                    • PostMessageA.USER32(?,00000201,00000000,?), ref: 004086FD
                    • PostMessageA.USER32(?,00000202,00000000,?), ref: 00408724
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Message$PostSend$#2379#2860#2864#5981#6134#6199ClientCursorParentScreen
                    • String ID:
                    • API String ID: 3385793932-0
                    • Opcode ID: 4677377fcda4bf1ca0d8aa3d527727dc86e08eb09617ee78c078630b289a38f5
                    • Instruction ID: 909cf5efc643dc2923583ebc009ca062690d80fd2deb8bf647c60e19840d0645
                    • Opcode Fuzzy Hash: 4677377fcda4bf1ca0d8aa3d527727dc86e08eb09617ee78c078630b289a38f5
                    • Instruction Fuzzy Hash: 4221D1712003006BEA24EB74CC5AFBB77A9EFD4710F148A3EF595972C0CA78E840C658
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00410160: #823.MFC42(00000014,?,?,?,0041582B,000000FF), ref: 0041018B
                      • Part of subcall function 00402740: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 0040275E
                      • Part of subcall function 00402740: GlobalAlloc.KERNEL32(00000040,00000030,00000000,004026AB,?,?,?,?,?,?,?,?), ref: 0040276A
                      • Part of subcall function 00402AD0: #825.MFC42(?), ref: 00402AE6
                      • Part of subcall function 00402AD0: #823.MFC42(00000000), ref: 00402AFF
                      • Part of subcall function 00402B40: #540.MFC42 ref: 00402B61
                      • Part of subcall function 00402B40: #540.MFC42 ref: 00402B70
                      • Part of subcall function 00402B40: #540.MFC42 ref: 00402B7E
                      • Part of subcall function 00402B40: #2818.MFC42(?,GfxLists\%s,?), ref: 00402B97
                      • Part of subcall function 00402B40: #1168.MFC42 ref: 00402B9F
                      • Part of subcall function 00402B40: #3521.MFC42(?,NumDef,00000000), ref: 00402BB4
                      • Part of subcall function 00402B40: #800.MFC42 ref: 00402BC8
                      • Part of subcall function 00402B40: #800.MFC42 ref: 00402BD6
                      • Part of subcall function 00402B40: #800.MFC42 ref: 00402BE7
                      • Part of subcall function 0040D5A0: #6197.MFC42(00000000,00000000,00000000,00000000,00000000,?), ref: 0040D5E6
                    • #6197.MFC42(00000000,00000000,00000000,00000000,00000000,00000020,00000008,The Combox,00000000,00000000,00000078,00000022,000000FF,00000000,00000006,00000000), ref: 00413C55
                    • SendMessageA.USER32(?,0000102F,000000C8,00000000), ref: 00413C71
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #540#800$#6197#823AllocGlobal$#1168#2818#3521#825MessageSend
                    • String ID: Colonna 0$Colonna 1$Colonna 2$Colonna 3$Image 1$Image 2$Image 3$The Combox$TheMainList
                    • API String ID: 4158869424-3160562909
                    • Opcode ID: 8f251a68ed94247f94220eb8d856ccca85db0bb98959d22605c0f49fb5f0d318
                    • Instruction ID: c5782a6565253da43fffe287bb1054b834c91d7b51a5e91ca39454a7e530e01f
                    • Opcode Fuzzy Hash: 8f251a68ed94247f94220eb8d856ccca85db0bb98959d22605c0f49fb5f0d318
                    • Instruction Fuzzy Hash: 424148703C4B1076F529AA228C5BFAE6551AB84F58F20021EF7253E2D2CBFD7585478D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401EA2
                    • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00401EAF
                    • #540.MFC42(?,?,00000000,00000000), ref: 00401EC6
                    • #2818.MFC42(?,Categoria: %s (%d element%c),?,?,?), ref: 00401EFC
                    • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 00401F16
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00401F34
                    • #3998.MFC42(00000001,00000001,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000), ref: 00401F63
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,00000001,000000FF,00000000,00000000,00000000,00000000,00000000), ref: 00401F88
                    • #800.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 00401FAE
                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401FDA
                    Strings
                    • Categoria: %s (%d element%c), xrefs: 00401EF6
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3998#6007$#2818#540#800
                    • String ID: Categoria: %s (%d element%c)
                    • API String ID: 3038386888-3571718097
                    • Opcode ID: f5bb7aa1df548d9a3f51e74c6f55e1ed99e502cde91e432a8be1bad6c4e5bb00
                    • Instruction ID: dd84edbdcf9127a6fe13b4aa12f99ed154d02f7856b2ff1efb8a2121ffb6fd34
                    • Opcode Fuzzy Hash: f5bb7aa1df548d9a3f51e74c6f55e1ed99e502cde91e432a8be1bad6c4e5bb00
                    • Instruction Fuzzy Hash: 0C419074740305ABD324DF15CC82FA6B7A5FB88B24F20461DFA55AB2C1C778E9468798
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 004046B2
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004046CB
                    • #3092.MFC42(000003FA), ref: 004046D6
                    • #4123.MFC42(000003FA), ref: 004046DD
                    • #289.MFC42(?,000003FA), ref: 004046EF
                    • #537.MFC42 ref: 00404705
                    • GetTextExtentPoint32A.GDI32(?,?,?,000003FA), ref: 0040471D
                    • #800.MFC42 ref: 00404727
                    • #6334.MFC42(00000001), ref: 00404730
                    • #613.MFC42(00000001), ref: 0040476D
                    Strings
                    • AbCdEfGhIj MnOpQrStUvWxYz, xrefs: 004046F4
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#289#3092#4123#537#613#6334#800ExtentPoint32Text
                    • String ID: AbCdEfGhIj MnOpQrStUvWxYz
                    • API String ID: 3117280295-3477557351
                    • Opcode ID: 621d622dec313a753f0a8a25cf3b1e2aa744f90154d187ad2f2b0263b18809c1
                    • Instruction ID: e3533740cf2b615927e025bc4807559d17b15ae5eef9f439e637accb7beebba7
                    • Opcode Fuzzy Hash: 621d622dec313a753f0a8a25cf3b1e2aa744f90154d187ad2f2b0263b18809c1
                    • Instruction Fuzzy Hash: 7421F471240301AFD718DB29CC51FAAB7E8EBC8714F008A2EF2569B2D0DB78E941CB45
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,00000000,00415038,000000FF,004085BC), ref: 00408A41
                    • #3874.MFC42 ref: 00408A55
                    • GetParent.USER32(?), ref: 00408AA0
                    • #2864.MFC42(00000000), ref: 00408AA3
                    • #3089.MFC42(00000000), ref: 00408AB1
                    • GetParent.USER32(?), ref: 00408AF6
                    • #2864.MFC42(00000000), ref: 00408AF9
                    • GetParent.USER32(?), ref: 00408B04
                    • #2864.MFC42(00000000), ref: 00408B07
                    • #3089.MFC42(00000000), ref: 00408B10
                    • SendMessageA.USER32(?,0000004E,00000000,00000000), ref: 00408B21
                    • #800.MFC42 ref: 00408B33
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$#3089$#3874#540#800MessageSend
                    • String ID:
                    • API String ID: 3277556153-0
                    • Opcode ID: 371dec3c23a894a897ffe9998ae5961e0d89ce1547ef603b9b216986f66f8652
                    • Instruction ID: 6740722cb2bfb5c93d03404f37edcee07602d8ded189a0f47211d2733f16210c
                    • Opcode Fuzzy Hash: 371dec3c23a894a897ffe9998ae5961e0d89ce1547ef603b9b216986f66f8652
                    • Instruction Fuzzy Hash: 1F319AB5604740AFC310DF69C895AABBBE5FB89314F044A2EF8D983380DB38E945CB55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ResetEvent.KERNEL32(?), ref: 025552C0
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 025552CC
                    • timeGetTime.WINMM ref: 025552D2
                    • socket.WS2_32(00000002,00000001,00000006), ref: 025552FF
                    • gethostbyname.WS2_32(?), ref: 02555323
                    • htons.WS2_32(?), ref: 0255533C
                    • connect.WS2_32(?,?,00000010), ref: 0255535A
                    • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 0255540E
                    • InterlockedExchange.KERNEL32(?,00000001), ref: 02555417
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
                    • String ID: 0u
                    • API String ID: 3940796591-3203441087
                    • Opcode ID: 44b78ebaed8276bf328f1af2ef39a93ab0047fa231ed9220fb85aab4471c1ac2
                    • Instruction ID: 38f1175774e47de06c7e3caf65cfb53802aa5844dfe262d5cd973eabfa25ce7c
                    • Opcode Fuzzy Hash: 44b78ebaed8276bf328f1af2ef39a93ab0047fa231ed9220fb85aab4471c1ac2
                    • Instruction Fuzzy Hash: 57515D71640705AFE720DFA4CC85FAAB7F9FF48700F104619F64AA72D0E7B0A9098B64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000ACDD
                    • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 1000AD1A
                    • InternetCloseHandle.WININET(00000000), ref: 1000AD27
                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 1000AD68
                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 1000ADA1
                    • InternetCloseHandle.WININET(00000000), ref: 1000ADE3
                    • InternetCloseHandle.WININET(00000000), ref: 1000ADE6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Internet$CloseHandle$FileOpenRead
                    • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
                    • API String ID: 3539267403-909499719
                    • Opcode ID: 057ef54b722c878cc15c6e2552259a758889fa90352aa7e8e989375b257df348
                    • Instruction ID: f5c78b7903c8ffb58dd93ce4a8889aa51d6ae73d5fc2739f2fe7b33a843f9eaf
                    • Opcode Fuzzy Hash: 057ef54b722c878cc15c6e2552259a758889fa90352aa7e8e989375b257df348
                    • Instruction Fuzzy Hash: F941CAB1900158ABEB20DB25CC84FDBB7BCEF85650F5445AAF60697244DB309EC5CFA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #4710.MFC42 ref: 0040314E
                    • #540.MFC42(?,?,?,?,?,?,00414960,000000FF), ref: 00403184
                    • #860.MFC42(?,?,?,?,?,?,?,?,?,?,00414960,000000FF), ref: 004031BD
                    • SendMessageA.USER32(?,00000180,00000000,?), ref: 0040320F
                    • SendMessageA.USER32(?,0000019A,00000000,?), ref: 00403229
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00414960,000000FF), ref: 00403237
                    • #540.MFC42(?,?,?,?,?,?,?,00414960,000000FF), ref: 00403284
                    • #860.MFC42(?,?,?,?,?,?,?,?,?,?,00414960,000000FF), ref: 004032BC
                    • SendMessageA.USER32(?,00000180,00000000,00000000), ref: 0040330E
                    • SendMessageA.USER32(?,0000019A,00000000,?), ref: 00403328
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00414960,000000FF), ref: 00403336
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#540#800#860$#4710
                    • String ID:
                    • API String ID: 3386122782-0
                    • Opcode ID: 9c9519579686bed14537888205b019bbba279c658519b7841e9671102e33c151
                    • Instruction ID: 0450be03c2868502da168dadd09a97e5e8a962fa41c2e332e41bf10d551cd83a
                    • Opcode Fuzzy Hash: 9c9519579686bed14537888205b019bbba279c658519b7841e9671102e33c151
                    • Instruction Fuzzy Hash: 8E6112742043459FC310DF24C850AA3BBA9BF99715F148A6DF4869B3C1DB39ED06CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WaitForSingleObject.KERNEL32(?,000000FF,FCCBADC3), ref: 1000F13D
                    • SetLastError.KERNEL32(00000000), ref: 1000F14B
                    • CancelWaitableTimer.KERNEL32(?), ref: 1000F15E
                    • CloseHandle.KERNEL32(?), ref: 1000F19B
                    • DeleteCriticalSection.KERNEL32(?), ref: 1000F213
                    • DeleteCriticalSection.KERNEL32(?), ref: 1000F219
                    • CloseHandle.KERNEL32(?), ref: 1000F230
                    • CloseHandle.KERNEL32(?), ref: 1000F253
                    • CloseHandle.KERNEL32(?), ref: 1000F276
                      • Part of subcall function 100042C0: GetCurrentThreadId.KERNEL32 ref: 100042C4
                      • Part of subcall function 10001600: HeapFree.KERNEL32(?,00000000,?,?,75923070,?,100041C6,?,?,?,?,?,10026048,000000FF), ref: 10001641
                    • DeleteCriticalSection.KERNEL32(?), ref: 1000F2A0
                      • Part of subcall function 1000EC90: HeapDestroy.KERNEL32(00000000,FCCBADC3,?,?,?,?,100268D3,000000FF), ref: 1000ECD0
                      • Part of subcall function 1000EC90: HeapCreate.KERNEL32(00000001,?,?,FCCBADC3,?,?,?,?,100268D3,000000FF), ref: 1000ECE2
                      • Part of subcall function 1000EC90: _free.LIBCMT ref: 1000ECF2
                      • Part of subcall function 1000EC90: HeapDestroy.KERNEL32(?,?,?,?,?,100268D3,000000FF), ref: 1000ED20
                    • CloseHandle.KERNEL32(?), ref: 1000F2E0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseHandle$Heap$CriticalDeleteSection$Destroy$CancelCreateCurrentErrorFreeLastObjectSingleThreadTimerWaitWaitable_free
                    • String ID:
                    • API String ID: 754152041-0
                    • Opcode ID: 803b41dd43e1aad063edcfc490da3e069f4f131757e3dbdbd9800f7fd46d009a
                    • Instruction ID: ef8cb0a6601d6fd136a0d8d9b4a67522896ae9233d21c9b2ea69c4e7d03e573f
                    • Opcode Fuzzy Hash: 803b41dd43e1aad063edcfc490da3e069f4f131757e3dbdbd9800f7fd46d009a
                    • Instruction Fuzzy Hash: DF51CE74500745DBE711DB78CC84BEAB7E8EF44384F104A5CE99AE3689DB34BA05CA61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                    • String ID:
                    • API String ID: 801014965-0
                    • Opcode ID: 450e9f19a73115ea5b04daaef808c105edc906df1faaa3625cb012bbdf61903b
                    • Instruction ID: ba8649afb8da947ea3a9b5678ec3d4a0e6a4b2c888b6227711766a13fe21937c
                    • Opcode Fuzzy Hash: 450e9f19a73115ea5b04daaef808c105edc906df1faaa3625cb012bbdf61903b
                    • Instruction Fuzzy Hash: C54192B5940348AFCB20DFA4DC45AEA7BB8FB4A714F20412FF56197391D7788880CB68
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 02557E44: CloseHandle.KERNEL32(00000000,00000000,00000128,00000002,00000000), ref: 02557EB2
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 02561344
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 0256135E
                    • LookupPrivilegeValueA.ADVAPI32(00000000,10027888,?), ref: 0256137F
                      • Part of subcall function 02560514: LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 02560532
                      • Part of subcall function 02560514: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 02560572
                    • GetLengthSid.ADVAPI32(?), ref: 025614D8
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 025614EC
                      • Part of subcall function 02561314: CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 025611CF
                      • Part of subcall function 02561314: Thread32First.KERNEL32(00000000,?), ref: 025611E5
                      • Part of subcall function 02561314: Thread32Next.KERNEL32(00000000,0000001C), ref: 025612CA
                      • Part of subcall function 02561314: CloseHandle.KERNEL32(00000000,00000000,?,00000004,00000000,1002F840), ref: 025612D8
                      • Part of subcall function 02560744: PostThreadMessageA.USER32(?,?,?,?), ref: 02560771
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 02561517
                    • CloseHandle.KERNEL32(?), ref: 02561535
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 0256154D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseHandle$ProcessToken$LookupOpenPrivilegeThread32Value$AdjustCreateFirstInformationLengthMessageNextPostPrivilegesSnapshotTerminateThreadToolhelp32
                    • String ID:
                    • API String ID: 174829095-3916222277
                    • Opcode ID: 213aba8568fce8b2ef577c7bb5b8b59842359c6621ed9df50aac7cc3ebc13974
                    • Instruction ID: 498a4515ef80e174461b5c609511f99b0ccd7b54c23a9fdd2283522f725bf9ce
                    • Opcode Fuzzy Hash: 213aba8568fce8b2ef577c7bb5b8b59842359c6621ed9df50aac7cc3ebc13974
                    • Instruction Fuzzy Hash: 71614E71A51209BBDF10EBA4DC89FEEB77ABB94704F104518F604BB280DBB5A905CF64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 10005153
                    • SetWaitableTimer.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 10005199
                    • WSAWaitForMultipleEvents.WS2_32(00000004,?,00000000,000000FF,00000000), ref: 1000520A
                    • GetCurrentThreadId.KERNEL32 ref: 10005235
                    • GetLastError.KERNEL32(?,00000000,000000FF,00000000), ref: 100052D5
                    • SetLastError.KERNEL32(0000139F,?,00000000,000000FF,00000000), ref: 10005303
                    • WSAGetLastError.WS2_32(?,00000000,000000FF,00000000), ref: 1000531A
                    Strings
                    • ---------------> Client Worker Thread 0x%08X stoped <---------------, xrefs: 1000523C
                    • ---------------> Client Worker Thread 0x%08X started <---------------, xrefs: 1000515A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast$CurrentThread$EventsMultipleTimerWaitWaitable
                    • String ID: ---------------> Client Worker Thread 0x%08X started <---------------$---------------> Client Worker Thread 0x%08X stoped <---------------
                    • API String ID: 3058130114-654994865
                    • Opcode ID: b0f53516f3ccbf18a2b4f95354d7e3aec96e46994ac8e91048230a6515a475ce
                    • Instruction ID: 75826b5da9d58a071297a3ccbb332171ab7df2cc0f1ff2038a40a15ac9f93e92
                    • Opcode Fuzzy Hash: b0f53516f3ccbf18a2b4f95354d7e3aec96e46994ac8e91048230a6515a475ce
                    • Instruction Fuzzy Hash: 6251DD74600B019BF720CF24CD81B9BB7E4FF06781F604529E95A9B289EB32F941CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryA.KERNEL32(?), ref: 0255775E
                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 02557792
                    • LoadLibraryA.KERNEL32(100276E0), ref: 025577EB
                    • CloseHandle.KERNEL32(?), ref: 0255780A
                    • FreeLibrary.KERNEL32(00000000), ref: 02557815
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Library$Load$CloseCurrentFreeHandleProcess
                    • String ID: .dll$.dll$Adva$pi32
                    • API String ID: 1168765234-4072471222
                    • Opcode ID: 869a8a45ff34f0271893c65d9bb4e1635caac1154f612dc0fec2acdf2d79065a
                    • Instruction ID: 6374845ecffe05d94426fdfeafe465e1249ddf523501ead16618b789c19e6ed0
                    • Opcode Fuzzy Hash: 869a8a45ff34f0271893c65d9bb4e1635caac1154f612dc0fec2acdf2d79065a
                    • Instruction Fuzzy Hash: 61315A71A41218ABDB10DFB8DC99FEEBBB8FF49710F104159F909A7240DB74A905CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #825.MFC42(?,?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?), ref: 004119AB
                    • GlobalFree.KERNEL32(?), ref: 004119BF
                    • GlobalFree.KERNEL32(?), ref: 004119CC
                    • DeleteObject.GDI32(?), ref: 004119DC
                    • DeleteObject.GDI32(?), ref: 004119E6
                    • #686.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 004119F0
                    • #686.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 004119FD
                    • #2438.MFC42(?,75AE3E40,?,?,00000000,004159B6,000000FF,00407A94,00000002,75AE3E40,?,?,00000000,?,?,?), ref: 00411A12
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #686DeleteFreeGlobalObject$#2438#825
                    • String ID: @A
                    • API String ID: 3662887312-361999007
                    • Opcode ID: 580ab1a2351d2e38a787daafeb8b8bdd655dd3eafa0675d802cf0a7617fced7c
                    • Instruction ID: db55be39aac2c8d9436daadf1358d04ddd101e1c919e1335e2a1a86f5539b7b6
                    • Opcode Fuzzy Hash: 580ab1a2351d2e38a787daafeb8b8bdd655dd3eafa0675d802cf0a7617fced7c
                    • Instruction Fuzzy Hash: D7217FB12047418BD320DF6AC881F97B7E8AB84750F04492EF996C3751DB78E884CBA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #860.MFC42(0041BB74), ref: 0041361F
                      • Part of subcall function 0040F650: SendMessageA.USER32 ref: 0040F66E
                    • #860.MFC42(0041B87C,?,0041BB74), ref: 0041363C
                    • #860.MFC42(0041B878,?,0041BB74), ref: 00413652
                    Strings
                    • %d, %d, xrefs: 004136B2
                    • ma perche' non funziona ? non riesco a capire, porcaccia miseria %d, xrefs: 00413699
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #860$MessageSend
                    • String ID: %d, %d$ma perche' non funziona ? non riesco a capire, porcaccia miseria %d
                    • API String ID: 272421880-2169086710
                    • Opcode ID: 90079909d40366e84c81689ebbc45ddb039f475bbcb21045c44622da5187f7b4
                    • Instruction ID: fc6143e228e0b74dcd230a2f9a1aef95f9bd7c1515fbd46fafa0b48191f8d1ae
                    • Opcode Fuzzy Hash: 90079909d40366e84c81689ebbc45ddb039f475bbcb21045c44622da5187f7b4
                    • Instruction Fuzzy Hash: E1018C73B44210628860B91B6842EEF1359C6E5F25F114C3BF242A6391C74C9ED781FE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • socket.WS2_32(00000002,00000002,00000011), ref: 10003893
                    • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 100038CD
                    • setsockopt.WS2_32(?,0000FFFF,000000FB,?,00000004), ref: 100038EA
                    • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 100038FD
                    • WSACreateEvent.WS2_32 ref: 100038FF
                    • gethostbyname.WS2_32(?), ref: 10003909
                    • htons.WS2_32(?), ref: 10003922
                    • WSAEventSelect.WS2_32(?,?,00000030), ref: 10003940
                    • connect.WS2_32(?,?,00000010), ref: 10003955
                    • WSAGetLastError.WS2_32 ref: 10003964
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Eventsetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
                    • String ID:
                    • API String ID: 2147236057-0
                    • Opcode ID: 88f85faefca072869196ae0370c85f62b489ea3e1298bee62e1138d91d440db9
                    • Instruction ID: bed5089ebcf2124706dcb24602214a469257fdf8ca836d0d61f689d3046f86aa
                    • Opcode Fuzzy Hash: 88f85faefca072869196ae0370c85f62b489ea3e1298bee62e1138d91d440db9
                    • Instruction Fuzzy Hash: 37314075A00215ABE720DFA4CC85EBFB7B8FF88710F208619FA15972D0DB71A905CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PtInRect.USER32(?,?,?), ref: 00409272
                    • ReleaseCapture.USER32 ref: 00409280
                    • #6215.MFC42(00000000), ref: 0040928A
                    • ClientToScreen.USER32(?,?), ref: 00409298
                    • WindowFromPoint.USER32(?,?), ref: 004092A8
                    • #2864.MFC42(00000000), ref: 004092AF
                    • SendMessageA.USER32(?,00000084,00000000,?), ref: 004092E1
                    • ScreenToClient.USER32(?,?), ref: 004092F5
                    • PostMessageA.USER32(?,00000200,?,?), ref: 00409322
                    • PostMessageA.USER32(?,000000A0,00000000,?), ref: 00409351
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Message$ClientPostScreen$#2864#6215CaptureFromPointRectReleaseSendWindow
                    • String ID:
                    • API String ID: 2212727604-0
                    • Opcode ID: c5fc2f94de7aa4ad298c4d6176f142c0d728f08d6eee7e79f76a50ef2f92ae2a
                    • Instruction ID: f0a5adcad25a3a7961dc26985cca0a16dfc293d7fe6ac9ed4f95d6f23dbc4d8d
                    • Opcode Fuzzy Hash: c5fc2f94de7aa4ad298c4d6176f142c0d728f08d6eee7e79f76a50ef2f92ae2a
                    • Instruction Fuzzy Hash: CE212CB2204702AFE314DF24D849E7BB7A9FBC8700F148E3DF5A193684D674E8058B65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • wsprintfA.USER32 ref: 1000F362
                    • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000F373
                    • GetLastError.KERNEL32 ref: 1000F37F
                    • ReleaseMutex.KERNEL32(00000000), ref: 1000F38D
                    • CloseHandle.KERNEL32(00000000), ref: 1000F394
                      • Part of subcall function 10014344: _doexit.LIBCMT ref: 10014350
                    • GetTickCount.KERNEL32 ref: 1000F3D7
                    • GetTickCount.KERNEL32 ref: 1000F3F2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CountMutexTick$CloseCreateErrorHandleLastRelease_doexitwsprintf
                    • String ID: %d:%d
                    • API String ID: 3645654511-4036436701
                    • Opcode ID: 97ed7eedbe49b004d12e39abbfdab4ca14c1e8d4924a6dd05f33728ba6f024fb
                    • Instruction ID: 14b544a3744082c85ebde1b9be9e5a554f618d7c834c0904d8e3e9cd67375b9d
                    • Opcode Fuzzy Hash: 97ed7eedbe49b004d12e39abbfdab4ca14c1e8d4924a6dd05f33728ba6f024fb
                    • Instruction Fuzzy Hash: 9A41A270900654DFEB10DB64CC95BEE77F8FF44340F2041A8E90A9B285DB30AE49DBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 100042C4
                    • send.WS2_32(?,10027490,00000010,00000000), ref: 100042FD
                    • SetEvent.KERNEL32(?,000000FF,00000000), ref: 10004320
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 1000432B
                    • WSACloseEvent.WS2_32(?), ref: 10004339
                    • shutdown.WS2_32(?,00000001), ref: 1000434D
                    • closesocket.WS2_32(?), ref: 10004357
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Event$CloseCurrentExchangeInterlockedThreadclosesocketsendshutdown
                    • String ID: OnClose===%d
                    • API String ID: 2609651166-4224812182
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #540.MFC42(00000000,?,00000000,?,00000000,00000000,?,?,?,?,?,00000000), ref: 0040F4A1
                    • #2818.MFC42 ref: 0040F4BD
                    • SendMessageA.USER32(?,00001203,?,?), ref: 0040F4E6
                    • #4171.MFC42 ref: 0040F502
                    • SendMessageA.USER32(?,00001204,?,00000004), ref: 0040F525
                    • #6311.MFC42 ref: 0040F52B
                    • #800.MFC42 ref: 0040F53C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#2818#4171#540#6311#800
                    • String ID: %d_
                    • API String ID: 2501914315-998424543
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __EH_prolog3.LIBCMT ref: 100119B7
                    • std::_Lockit::_Lockit.LIBCPMT ref: 100119C1
                    • int.LIBCPMT ref: 100119D8
                      • Part of subcall function 10007270: std::_Lockit::_Lockit.LIBCPMT ref: 10007281
                    • messages.LIBCPMT ref: 100119FB
                    • std::bad_exception::bad_exception.LIBCMT ref: 10011A0F
                    • __CxxThrowException@8.LIBCMT ref: 10011A1D
                    • std::locale::facet::_Facet_Register.LIBCPMT ref: 10011A33
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmessagesstd::bad_exception::bad_exceptionstd::locale::facet::_
                    • String ID: bad cast
                    • API String ID: 2525416601-3145022300
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,FCCBADC3,00000000,?,?,?,1000F3BE), ref: 1000EE6A
                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,00000400,00000400,00001000), ref: 1000EF1B
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000EF56
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000EF7B
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000EFA0
                      • Part of subcall function 100013B0: __CxxThrowException@8.LIBCMT ref: 100013C2
                      • Part of subcall function 100013B0: DeleteCriticalSection.KERNEL32(?,00001000,1002BF50,?,1000EC40,80004005), ref: 100013D1
                      • Part of subcall function 1000EA90: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,FCCBADC3,00000000,?,75922F30,1000F04F), ref: 1000EAEB
                      • Part of subcall function 1000EA90: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000), ref: 1000EB07
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F085
                    • timeGetTime.WINMM ref: 1000F08B
                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000F099
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000F0A2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteException@8ExchangeInterlockedThrowTimetime
                    • String ID:
                    • API String ID: 1400036169-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetLastError.KERNEL32(0000139F,FCCBADC3), ref: 100049D6
                    • EnterCriticalSection.KERNEL32(?,FCCBADC3), ref: 100049FD
                    • SetLastError.KERNEL32(0000139F), ref: 10004A11
                    • LeaveCriticalSection.KERNEL32(?), ref: 10004A18
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalErrorLastSection$EnterLeave
                    • String ID:
                    • API String ID: 2124651672-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetLastError.KERNEL32(0000139F,1002F840), ref: 025565DA
                    • RtlEnterCriticalSection.NTDLL(?), ref: 02556601
                    • SetLastError.KERNEL32(0000139F), ref: 02556615
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 0255661C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalErrorLastSection$EnterLeave
                    • String ID:
                    • API String ID: 2124651672-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #3797.MFC42 ref: 0040CC39
                    • SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040CC5C
                    • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040CC71
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CC88
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CC9B
                    • #3293.MFC42(00000000,?,00000000), ref: 0040CCC4
                    • PtInRect.USER32(?,?,?), ref: 0040CCE6
                    • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CD06
                    • GetClientRect.USER32(?,?), ref: 0040CD5C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$Rect$#3293#3797Client
                    • String ID:
                    • API String ID: 3796748647-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #3910.MFC42(?,?,00000000), ref: 0040D928
                    • GetWindowLongA.USER32(?,000000F0), ref: 0040D943
                    • SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040D96F
                    • SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040D984
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040D999
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040D9AE
                    • #3293.MFC42(00000000,?,00000000,?,?,00000000), ref: 0040D9D1
                    • PtInRect.USER32(?,00000000,?), ref: 0040D9E2
                    • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040DA02
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3293#3910LongRectWindow
                    • String ID:
                    • API String ID: 3992863169-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #537.MFC42(?), ref: 004121E5
                    • #1175.MFC42 ref: 00412201
                    • #289.MFC42(00000000), ref: 0041221A
                    • #2860.MFC42(?,?,00000000), ref: 00412230
                    • #5788.MFC42(00000000,?,?,00000000), ref: 0041223A
                    • GetTabbedTextExtentA.USER32(?,?,?,00000000,00000000), ref: 00412253
                    • #5788.MFC42(00000000,?,00000000), ref: 004122DF
                    • #613.MFC42(00000000,?,00000000), ref: 004122ED
                    • #800.MFC42(?,00000000), ref: 00412311
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #5788$#1175#2860#289#537#613#800ExtentTabbedText
                    • String ID:
                    • API String ID: 2367858267-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 10004040: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 1000404A
                      • Part of subcall function 10004040: _free.LIBCMT ref: 1000407F
                      • Part of subcall function 10004040: _malloc.LIBCMT ref: 100040BA
                      • Part of subcall function 10004040: _memset.LIBCMT ref: 100040C8
                    • InterlockedIncrement.KERNEL32(10030C2C), ref: 100053A5
                    • InterlockedIncrement.KERNEL32(10030C2C), ref: 100053B3
                    • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 100053D9
                    • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 100053F6
                    • ResetEvent.KERNEL32(?,?,?,10030C2C), ref: 10005430
                    • SetLastError.KERNEL32(00000000), ref: 10005463
                    • GetLastError.KERNEL32 ref: 10005479
                      • Part of subcall function 100042C0: GetCurrentThreadId.KERNEL32 ref: 100042C4
                    • SetLastError.KERNEL32(00000000), ref: 10005489
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast$IncrementInterlockedsetsockopt$CreateCurrentEventResetThreadTimerWaitable_free_malloc_memset
                    • String ID:
                    • API String ID: 2286274327-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ResetEvent.KERNEL32(?), ref: 100054B3
                    • ResetEvent.KERNEL32(?), ref: 100054BC
                    • timeGetTime.WINMM ref: 100054BE
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 100054CD
                    • WaitForSingleObject.KERNEL32(?,00001770), ref: 1000551F
                    • ResetEvent.KERNEL32(?), ref: 1000553C
                      • Part of subcall function 100042C0: GetCurrentThreadId.KERNEL32 ref: 100042C4
                    • ResetEvent.KERNEL32(?), ref: 10005550
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: EventReset$CurrentExchangeInterlockedObjectSingleThreadTimeWaittime
                    • String ID:
                    • API String ID: 227394482-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #823lstrcpylstrlen
                    • String ID:
                    • API String ID: 44751579-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsChild.USER32(?,?), ref: 004076EB
                    • #2379.MFC42(?,?,00414E98,000000FF), ref: 004076F7
                    • #540.MFC42(?,?,00414E98,000000FF), ref: 00407700
                    • #3874.MFC42(?,?,?,00414E98,000000FF), ref: 00407714
                    • #4171.MFC42(?,?,?,00414E98,000000FF), ref: 0040771D
                    • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 00407731
                    • #6311.MFC42(?,?,00414E98,000000FF), ref: 0040773B
                    • #858.MFC42(?,?,?,00414E98,000000FF), ref: 00407748
                    • #800.MFC42(?,?,00414E98,000000FF), ref: 0040776E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2379#3874#4171#540#6311#800#858ChildMessageSend
                    • String ID:
                    • API String ID: 421972520-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetLastError.KERNEL32(0000139F), ref: 10003DD4
                    • TryEnterCriticalSection.KERNEL32(?), ref: 10003DF2
                    • TryEnterCriticalSection.KERNEL32(?), ref: 10003DFC
                    • SetLastError.KERNEL32(0000139F), ref: 10003E13
                    • LeaveCriticalSection.KERNEL32(?), ref: 10003E1C
                    • LeaveCriticalSection.KERNEL32(?), ref: 10003E22
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterErrorLastLeave
                    • String ID:
                    • API String ID: 4082018349-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #324.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CA7
                    • #567.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CB9
                    • #567.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CD1
                    • #540.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CE9
                    • #540.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CFB
                    • #540.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D0D
                    • #860.MFC42(0041BB74,00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D24
                    • #860.MFC42(0041BB74,0041BB74,00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D30
                    • #860.MFC42(0041BB74,0041BB74,0041BB74,00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D44
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #540#860$#567$#324
                    • String ID:
                    • API String ID: 1158441897-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memmove.LIBCMT ref: 10002376
                      • Part of subcall function 10001760: __vswprintf.LIBCMT ref: 1000179A
                    • _malloc.LIBCMT ref: 10002330
                      • Part of subcall function 10012D63: __FF_MSGBANNER.LIBCMT ref: 10012D7C
                      • Part of subcall function 10012D63: __NMSG_WRITE.LIBCMT ref: 10012D83
                      • Part of subcall function 10012D63: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,10016A53,?,00000001,?,?,1001D161,00000018,1002D480,0000000C,1001D1F1), ref: 10012DA8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocHeap__vswprintf_malloc_memmove
                    • String ID: [RI] %d bytes$input ack: sn=%lu rtt=%ld rto=%ld$input probe$input psh: sn=%lu ts=%lu$input wins: %lu
                    • API String ID: 3168077353-868042568
                    • Opcode ID: d0fcbddad40136984b7430a8e0cdbdbce17de11a70fa97e5a5289f4d9a8de945
                    • Instruction ID: ac29a1ea6e47d8aa176854c860a0aeef87238edb6e8bbca57347e0c4e13de501
                    • Opcode Fuzzy Hash: d0fcbddad40136984b7430a8e0cdbdbce17de11a70fa97e5a5289f4d9a8de945
                    • Instruction Fuzzy Hash: 4BB1A175A002059FEB18CF68D880AAE7BB5FF44390F0445AEED59AB34AD731ED41CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 10008A0D
                    • std::_Lockit::_Lockit.LIBCPMT ref: 10008A30
                    • std::bad_exception::bad_exception.LIBCMT ref: 10008AB4
                    • __CxxThrowException@8.LIBCMT ref: 10008AC2
                    • std::_Lockit::_Lockit.LIBCPMT ref: 10008AD5
                    • std::locale::facet::_Facet_Register.LIBCPMT ref: 10008AEF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                    • String ID: bad cast
                    • API String ID: 2427920155-3145022300
                    • Opcode ID: 7a2eb846b0f9750a6a3609ef81480abad3cdc1a18753162f9525d9041d0ced2f
                    • Instruction ID: 846728a4029947df6fa74ba1b0d6948511893a63c49ec5e8885cc4d3df307b16
                    • Opcode Fuzzy Hash: 7a2eb846b0f9750a6a3609ef81480abad3cdc1a18753162f9525d9041d0ced2f
                    • Instruction Fuzzy Hash: F6310231A042159FFB20CF50C891B9EB3B0FB05360F11466AF995AB692DB70BE40CBD2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000B5CD
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000B5F0
                    • std::bad_exception::bad_exception.LIBCMT ref: 1000B674
                    • __CxxThrowException@8.LIBCMT ref: 1000B682
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000B695
                    • std::locale::facet::_Facet_Register.LIBCPMT ref: 1000B6AF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                    • String ID: bad cast
                    • API String ID: 2427920155-3145022300
                    • Opcode ID: a44377245e7e6bd3e030f5106e8735e589d54e21cda75cee0830955f90fbf42e
                    • Instruction ID: c1c61741038467a24c93aeb441859647f9cba68d9d0848c6d91a2a1eba11ba4b
                    • Opcode Fuzzy Hash: a44377245e7e6bd3e030f5106e8735e589d54e21cda75cee0830955f90fbf42e
                    • Instruction Fuzzy Hash: 38311276A016148FEB10CF50C8D1BAE73B0FB00364F110669F856AB2D2DB76BE80CB80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    • _memset.LIBCMT ref: 100062F0
                    • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?), ref: 1000630A
                    • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000005,?,?,?,00000000,00000000,00000001,?,?), ref: 10006344
                      • Part of subcall function 10013B8E: __mbscmp_l.LIBCMT ref: 10013B9B
                    • lstrcpyA.KERNEL32(-000000D0,system,?,?), ref: 1000636E
                    • WTSFreeMemory.WTSAPI32(?), ref: 10006383
                    • WTSFreeMemory.WTSAPI32(?,?,00000000,00000000,00000001,?,?), ref: 1000639F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: FreeMemory$EnumerateInformationQuerySessionSessions__mbscmp_l_malloc_memsetlstrcpy
                    • String ID: system
                    • API String ID: 3289043263-3377271179
                    • Opcode ID: 98ae5c0b7f8c2a0b6f032ecf6f83b3943e90cb41ad3803ec13c9df5db193eb0a
                    • Instruction ID: f6f942c1cf9e4e6ff84444016c504d2a34f388c1fadecdd606786a2a8a777291
                    • Opcode Fuzzy Hash: 98ae5c0b7f8c2a0b6f032ecf6f83b3943e90cb41ad3803ec13c9df5db193eb0a
                    • Instruction Fuzzy Hash: 8B317AB9E00609ABDB10CF94CC81DAFB7BAFF99750F208159F90567245E670AA41CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memset.LIBCMT ref: 10006A6D
                    • _memset.LIBCMT ref: 10006A79
                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,FCCBADC3,?,00000000,00000000), ref: 10006AE4
                    • gethostname.WS2_32(?,1000E1E3), ref: 10006AEC
                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,FCCBADC3,?,00000000,00000000), ref: 10006AF3
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memsetlstrlen$_mallocgethostname
                    • String ID: Host$SYSTEM\Setup
                    • API String ID: 2594358590-2058306683
                    • Opcode ID: 372afed4322eb3cd61a915cb0dcb4502f61605d9dff6e97eb55d6b83ae835972
                    • Instruction ID: e1e7fd0a4084a905876e328838acedcef136b5a9d0be9d7f01013dde0ced0442
                    • Opcode Fuzzy Hash: 372afed4322eb3cd61a915cb0dcb4502f61605d9dff6e97eb55d6b83ae835972
                    • Instruction Fuzzy Hash: 3631E9B0A01264AFE720DF68CC85F9E7BB4FB49710F104169FA18A7281D7706A41CF99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00403927
                    • #1200.MFC42(E' necessario inserire almeno una colonna ..,00000000,00000000), ref: 0040393A
                    • #823.MFC42 ref: 00403956
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 0040397A
                    • #825.MFC42(?), ref: 004039A3
                    • #4853.MFC42 ref: 004039BD
                    Strings
                    • E' necessario inserire almeno una colonna .., xrefs: 00403935
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#1200#4853#823#825
                    • String ID: E' necessario inserire almeno una colonna ..
                    • API String ID: 2659078600-2295075096
                    • Opcode ID: 98e347136bab47e57f8ff6eea5127d2df670de5e820889f242ee64d48b3bef4a
                    • Instruction ID: 5dd13c02784e4739f92824060554be4ce9360d9adebedac0fdd6b867675f3a48
                    • Opcode Fuzzy Hash: 98e347136bab47e57f8ff6eea5127d2df670de5e820889f242ee64d48b3bef4a
                    • Instruction Fuzzy Hash: 1611E1B96003009BD710EF19EC81B977BA8FF85712F004569FC05AB382D7B9E905CBA6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #1168#1232#1270#567ClassCursorInfoLoad
                    • String ID: ZGfxListTip
                    • API String ID: 3069537701-2764869995
                    • Opcode ID: 32ba025bc9c3bc3d4277a5987f34500a9a63dd2d1cb7d652bd44b08f51c750f6
                    • Instruction ID: b23fa3e24054bf97c7f4033adafb7fa7bbd57158c1fd44fc91190962c09406ad
                    • Opcode Fuzzy Hash: 32ba025bc9c3bc3d4277a5987f34500a9a63dd2d1cb7d652bd44b08f51c750f6
                    • Instruction Fuzzy Hash: 15112BB1508341AFC700DF5AC880A9ABBE4FBC8758F50493EF59897260C77885448B9A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #4710.MFC42 ref: 00403EDC
                    • #823.MFC42(00000014), ref: 00403EE3
                    • #540.MFC42(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00414AB3,000000FF), ref: 00403F4E
                    • #860.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00414AB3,000000FF), ref: 00403F8D
                    • SendMessageA.USER32(?,00000180,00000000,?), ref: 00403FDF
                    • SendMessageA.USER32(?,0000019A,00000000,00000000), ref: 00403FEF
                    • #800.MFC42(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00414AB3,000000FF), ref: 00404009
                      • Part of subcall function 00402620: #823.MFC42(?), ref: 0040264C
                    • SendMessageA.USER32(?,00000186,00000000,00000000), ref: 00404045
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#823$#4710#540#800#860
                    • String ID:
                    • API String ID: 3628477057-0
                    • Opcode ID: 5a79c1756b06f2c3ca3de62895b316e434644c51568fd4f84fedeec20ca77a60
                    • Instruction ID: 04a5c72ea6bc9970d7b5ae86aba9c65ae7358472a5112f997e31c42eb146a8b2
                    • Opcode Fuzzy Hash: 5a79c1756b06f2c3ca3de62895b316e434644c51568fd4f84fedeec20ca77a60
                    • Instruction Fuzzy Hash: B641B0B0A04742ABD314CF29C851B97BBE8BF84714F048A2EF555A73D1D738E905CB99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(?,FCCBADC3), ref: 100045B3
                    • LeaveCriticalSection.KERNEL32(?), ref: 100045FE
                    • send.WS2_32(?,?,?,00000000), ref: 10004620
                    • EnterCriticalSection.KERNEL32(?), ref: 10004633
                    • LeaveCriticalSection.KERNEL32(?), ref: 10004646
                    • WSAGetLastError.WS2_32 ref: 1000467C
                    • EnterCriticalSection.KERNEL32(?), ref: 10004690
                    • LeaveCriticalSection.KERNEL32(?), ref: 100046C9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave$ErrorLastsend
                    • String ID:
                    • API String ID: 3480985631-0
                    • Opcode ID: c983e8cfd3fe7a97733a19e4025bda8ca667d19a9a9c73aa26b38fdbd94399c0
                    • Instruction ID: 3fea718324304b060fa1b3d946bb02ad1e6e18cd03f7234c72dfea94030e1931
                    • Opcode Fuzzy Hash: c983e8cfd3fe7a97733a19e4025bda8ca667d19a9a9c73aa26b38fdbd94399c0
                    • Instruction Fuzzy Hash: AC514AB5504B059FE310CF78C984AABB7F8FF49391F514A2EE86AC3650EB31B8448B55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlEnterCriticalSection.NTDLL(?), ref: 025561B7
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 02556202
                    • send.WS2_32(?,?,?,00000000), ref: 02556224
                    • RtlEnterCriticalSection.NTDLL(?), ref: 02556237
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 0255624A
                    • WSAGetLastError.WS2_32 ref: 02556280
                    • RtlEnterCriticalSection.NTDLL(?), ref: 02556294
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 025562CD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave$ErrorLastsend
                    • String ID:
                    • API String ID: 3480985631-0
                    • Opcode ID: c983e8cfd3fe7a97733a19e4025bda8ca667d19a9a9c73aa26b38fdbd94399c0
                    • Instruction ID: 1eee896e484bf9e7637f62e4f58eda134a83c1b2fed1042301de475738ed1fc0
                    • Opcode Fuzzy Hash: c983e8cfd3fe7a97733a19e4025bda8ca667d19a9a9c73aa26b38fdbd94399c0
                    • Instruction Fuzzy Hash: 375148B1904B159FD720CF78C994AABBBF8FF49310F504A2EE92A83650DB31B4048B54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsBadReadPtr.KERNEL32(?,00000014), ref: 10005F64
                    • LoadLibraryA.KERNEL32(?), ref: 10005F80
                    • GetProcessHeap.KERNEL32(00000000,?,?), ref: 10005FA6
                    • HeapReAlloc.KERNEL32(00000000), ref: 10005FAD
                    • GetProcessHeap.KERNEL32(00000000,?), ref: 10005FB7
                    • HeapAlloc.KERNEL32(00000000), ref: 10005FBE
                    • GetProcAddress.KERNEL32(00000000,?), ref: 1000600B
                    • IsBadReadPtr.KERNEL32(?,00000014), ref: 1000602E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Heap$AllocProcessRead$AddressLibraryLoadProc
                    • String ID:
                    • API String ID: 1153753045-0
                    • Opcode ID: a4162a36995399baae44d2e32b594409e039bc91f24836995a52a82dda8b358e
                    • Instruction ID: 8aba96c704a8f904847c315627ac0d88808bcebf275aa9cfebd6ba14af086bc9
                    • Opcode Fuzzy Hash: a4162a36995399baae44d2e32b594409e039bc91f24836995a52a82dda8b358e
                    • Instruction Fuzzy Hash: DE416B7160021ADFEB10CF69CC84A6AB7E9FF48399F214169ED09D7255EB36ED018B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 02557B68
                    • LoadLibraryA.KERNEL32(?), ref: 02557B84
                    • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02557BAA
                    • RtlReAllocateHeap.NTDLL(00000000), ref: 02557BB1
                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02557BBB
                    • RtlAllocateHeap.NTDLL(00000000), ref: 02557BC2
                    • GetProcAddress.KERNEL32(00000000,?), ref: 02557C0F
                    • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 02557C32
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Heap$AllocateHugeProcessRead$AddressLibraryLoadProc
                    • String ID:
                    • API String ID: 2432896279-0
                    • Opcode ID: a4162a36995399baae44d2e32b594409e039bc91f24836995a52a82dda8b358e
                    • Instruction ID: 96da1b0b84a2e23970c8992ff9eff7dab525c449761406466cc2b7a0e31b9a01
                    • Opcode Fuzzy Hash: a4162a36995399baae44d2e32b594409e039bc91f24836995a52a82dda8b358e
                    • Instruction Fuzzy Hash: 9841A07160062ADFEB108F68CC94B6AFBA8FF08319F14816AED19D3351E731E801CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • socket.WS2_32(00000002,00000002,00000011), ref: 02555497
                    • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 025554D1
                    • WSACreateEvent.WS2_32 ref: 02555503
                    • gethostbyname.WS2_32(?), ref: 0255550D
                    • htons.WS2_32(?), ref: 02555526
                    • WSAEventSelect.WS2_32(?,?,00000030), ref: 02555544
                    • connect.WS2_32(?,?,00000010), ref: 02555559
                    • WSAGetLastError.WS2_32 ref: 02555568
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Event$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
                    • String ID:
                    • API String ID: 603330298-0
                    • Opcode ID: 2e3c511e4fe12406094f4e07a711b230d4d970c089eb23a1790e54747d831699
                    • Instruction ID: 4faeda97e0832c3ef5b20fa7212d874fe548c70180280ccbe55e7ca8401c4ae1
                    • Opcode Fuzzy Hash: 2e3c511e4fe12406094f4e07a711b230d4d970c089eb23a1790e54747d831699
                    • Instruction Fuzzy Hash: F7315E71A00215ABE724DFA4CC89EBFBBB9FF88710F604619FA15972D0DB719905CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 02561586
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0256159A
                    • swprintf.LIBCMT ref: 025615B8
                    • swprintf.LIBCMT ref: 025615D5
                      • Part of subcall function 02560594: RegOpenKeyExA.ADVAPI32(80000002,100275E8,00000000,00020019,?), ref: 025605AF
                      • Part of subcall function 02560594: RegQueryValueExA.ADVAPI32(?,10027CA8,00000000,00000000,00000000,?), ref: 025605CC
                      • Part of subcall function 02560594: RegCloseKey.ADVAPI32(?), ref: 025605DA
                    • OutputDebugStringA.KERNEL32(10027D9C), ref: 025615EF
                    • RegOpenKeyExA.ADVAPI32(80000002,100275E8,00000000,00020006,?), ref: 0256160D
                      • Part of subcall function 02561314: OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 02561344
                      • Part of subcall function 02561314: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 0256135E
                      • Part of subcall function 02561314: LookupPrivilegeValueA.ADVAPI32(00000000,10027888,?), ref: 0256137F
                      • Part of subcall function 02561314: GetLengthSid.ADVAPI32(?), ref: 025614D8
                      • Part of subcall function 02561314: SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 025614EC
                      • Part of subcall function 02561314: TerminateProcess.KERNEL32(00000000,00000000), ref: 02561517
                      • Part of subcall function 02561314: CloseHandle.KERNEL32(?), ref: 02561535
                      • Part of subcall function 02561314: CloseHandle.KERNEL32(00000000,?,00000000), ref: 0256154D
                    • RegSetValueExA.ADVAPI32(?,10027CA8,00000000,00000001,?,?), ref: 02561699
                    • RegCloseKey.ADVAPI32(?), ref: 025616A6
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseOpen$ProcessValue$HandleTokenswprintf$DebugFileFolderInformationLengthLookupModuleNameOutputPathPrivilegeQueryStringTerminate
                    • String ID:
                    • API String ID: 2061027805-0
                    • Opcode ID: 282445fa50807cf3bc266cbbd69791f3541c7be77d1576e6cdd7fde757dcf9e4
                    • Instruction ID: b08492f6707bdbcd5350bf812cd3e9adc70e399a0b65aab1cecd5eadb7a52a33
                    • Opcode Fuzzy Hash: 282445fa50807cf3bc266cbbd69791f3541c7be77d1576e6cdd7fde757dcf9e4
                    • Instruction Fuzzy Hash: 6A318675680219BAFB20DB60CC4AFFA7779BB44701F908184B70D6B1C2DBB06A454E69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 004047AB
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 004047C4
                    • #3092.MFC42(000003F9), ref: 004047CF
                    • #4123.MFC42(000003F9), ref: 004047D6
                    • #6334.MFC42(00000001,?,000003F9), ref: 004047E8
                    • #825.MFC42(?,?,000003F9), ref: 00404840
                    • #823.MFC42(?,?,000003F9), ref: 00404853
                    • lstrcpyA.KERNEL32(?,?), ref: 00404877
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3092#4123#6334#823#825lstrcpy
                    • String ID:
                    • API String ID: 591287354-0
                    • Opcode ID: f2b51f4149ced77e29ad079616f1a9ded128118b6914bf12227acb7891540784
                    • Instruction ID: e761ebe69d3f5367b962e2dfde0e8fb97fb7eded393c4cf22a88545db9375cb7
                    • Opcode Fuzzy Hash: f2b51f4149ced77e29ad079616f1a9ded128118b6914bf12227acb7891540784
                    • Instruction Fuzzy Hash: AC2106BA7002855BE610DB75D851FD373DAAF85304F048A2AEA459B381D63AEC42C794
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #535.MFC42(?,?,?,?,?,?,?,?,?,?,00414E40,000000FF), ref: 0040710D
                    • #4129.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,00414E40,000000FF), ref: 00407137
                    • _stricmp.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00414E40,000000FF), ref: 00407140
                    • #800.MFC42 ref: 0040714E
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,00414E40,000000FF), ref: 00407164
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,00414E40,000000FF), ref: 0040717E
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00414E40,000000FF), ref: 004071A4
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,00414E40,000000FF), ref: 004071B5
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #800$#4129#535_stricmp
                    • String ID:
                    • API String ID: 2166634664-0
                    • Opcode ID: c84955166307853851759cfb3a0491196563ebd6a1a517387e2fee947342446d
                    • Instruction ID: b8ae62934c332dda9927a3f2c4ba175b01fe59f18ffdb9352e62b49e84a7c288
                    • Opcode Fuzzy Hash: c84955166307853851759cfb3a0491196563ebd6a1a517387e2fee947342446d
                    • Instruction Fuzzy Hash: 8C3182315086419BC304DF25C840A9AF7E1BBC8728F044B2EF895A73D0DB38EA46CB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00404A4C
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00404A67
                    • #3092.MFC42(000003F7), ref: 00404A72
                    • #4123.MFC42(000003F7), ref: 00404A79
                    • #6334.MFC42(00000001,000003F7), ref: 00404A9A
                    • SendMessageA.USER32(?,00000199,00000000,00000000), ref: 00404AAE
                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404AC2
                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404AD3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3092#4123#6334
                    • String ID:
                    • API String ID: 515758084-0
                    • Opcode ID: 60b003882b9f0c5de577d36d51d2fd2112624e046a00533eccce75409208057b
                    • Instruction ID: eb0a1041430d19aae427b7ba1453584d291834d5228613470cce12b38d1b202d
                    • Opcode Fuzzy Hash: 60b003882b9f0c5de577d36d51d2fd2112624e046a00533eccce75409208057b
                    • Instruction Fuzzy Hash: 232150713403056BEB24DA69CC81FA7B399AB84708F104669E645AF2D1DAB4F845CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(?,FCCBADC3,?,?,?,?,?,10026048,000000FF), ref: 1000418D
                    • ResetEvent.KERNEL32(?,?,?,?,?,?,10026048,000000FF), ref: 100041A7
                    • ResetEvent.KERNEL32(?,?,?,?,?,?,10026048,000000FF), ref: 100041B0
                    • ResetEvent.KERNEL32(?,?,?,?,?,?,10026048,000000FF), ref: 100041B9
                      • Part of subcall function 10001600: HeapFree.KERNEL32(?,00000000,?,?,75923070,?,100041C6,?,?,?,?,?,10026048,000000FF), ref: 10001641
                      • Part of subcall function 10001650: HeapFree.KERNEL32(?,00000000,?,75923070,?,?,100041D1,?,?,?,?,?,10026048,000000FF), ref: 10001675
                      • Part of subcall function 10001650: _free.LIBCMT ref: 10001691
                    • HeapDestroy.KERNEL32(?,?,?,?,?,?,10026048,000000FF), ref: 100041D9
                    • HeapCreate.KERNEL32(?,?,?,?,?,?,?,?,10026048,000000FF), ref: 100041F4
                    • SetEvent.KERNEL32 ref: 1000421C
                    • LeaveCriticalSection.KERNEL32(?), ref: 10004223
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: EventHeap$Reset$CriticalFreeSection$CreateDestroyEnterLeave_free
                    • String ID:
                    • API String ID: 1219087420-0
                    • Opcode ID: 435a6a1c9af187304fbe13b8c525581f8d694a9dcb74a572eed8d04037b26f3c
                    • Instruction ID: d656f9df4054cb2f9b6e2b34b5196a715ac28706afc622d3c6bd1a9f645ac25a
                    • Opcode Fuzzy Hash: 435a6a1c9af187304fbe13b8c525581f8d694a9dcb74a572eed8d04037b26f3c
                    • Instruction Fuzzy Hash: 7E21F4B5500B04AFE325DF79CC84BABB7E8FF48650F10891EE96A83650DB34B905CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #289.MFC42 ref: 004106E0
                    • GetDeviceCaps.GDI32 ref: 004106F4
                    • #5791.MFC42(?,00000000), ref: 00410717
                    • RealizePalette.GDI32(00000026), ref: 00410721
                    • InvalidateRect.USER32(00000026,00000000,00000001), ref: 00410735
                    • #613.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415888), ref: 00410747
                    • #2379.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415888,000000FF), ref: 00410761
                    • #613.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00415888,000000FF), ref: 00410774
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #613$#2379#289#5791CapsDeviceInvalidatePaletteRealizeRect
                    • String ID:
                    • API String ID: 3939794635-0
                    • Opcode ID: ac019ff7fababe55172cc57d2ed011702bf43d1537ce70e274bc6c1be2df68ba
                    • Instruction ID: 94fa9ae07217d31f281c493b8b7fdb0f5063fbf6f8c6a362dc1cda344ae8a407
                    • Opcode Fuzzy Hash: ac019ff7fababe55172cc57d2ed011702bf43d1537ce70e274bc6c1be2df68ba
                    • Instruction Fuzzy Hash: 79119D75200741ABD324DB18C845BDAB7A4FBC8B20F044B2DB56A933C0DB78D885CB55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00000190,00000000,00000000), ref: 00403BCA
                    • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00403BE0
                    • #3092.MFC42(000003F2,?,004034E2,00000001), ref: 00403BED
                    • #4123.MFC42(000003F2,?,004034E2,00000001), ref: 00403BF4
                    • #3092.MFC42(000003F2,?,004034E2,00000001), ref: 00403C08
                    • #4123.MFC42(000003F2,?,004034E2,00000001), ref: 00403C0F
                    • #3092.MFC42(000003F2,00000000,000003F2,?,004034E2,00000001), ref: 00403C21
                    • #2642.MFC42(000003F2,00000000,000003F2,?,004034E2,00000001), ref: 00403C28
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3092$#4123MessageSend$#2642
                    • String ID:
                    • API String ID: 229567068-0
                    • Opcode ID: 1da385812af60d4ac984f857857e0e356a0b5448d83a480fc2321e94da33feb1
                    • Instruction ID: 2025d5adfebf209e90358a620bf90823efce53262a3e7a8c79bd204d9c784b62
                    • Opcode Fuzzy Hash: 1da385812af60d4ac984f857857e0e356a0b5448d83a480fc2321e94da33feb1
                    • Instruction Fuzzy Hash: 22F0A972B8431162F9246A3A0D13FAF148D5B84B06F01043AB742FA2C2DEA9EA82434C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$#2379Child
                    • String ID:
                    • API String ID: 3424149459-0
                    • Opcode ID: bcfba748374f0b3958d9fe39b472eadd9e689d2df161eccfe8c13d28650a17db
                    • Instruction ID: f3806a291e816c504acb7e5488948a452229736f849573c29a3a92707d40d8b6
                    • Opcode Fuzzy Hash: bcfba748374f0b3958d9fe39b472eadd9e689d2df161eccfe8c13d28650a17db
                    • Instruction Fuzzy Hash: F7F01272600304ABC710ABB5DC88CAB77ADFFD9355305492EF28587751DB39EC4187A8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __setlocale_get_all_strcspn_strlen_strncmp_strpbrk
                    • String ID:
                    • API String ID: 3252769141-0
                    • Opcode ID: 8b972dcf249a51d321e0cc1a25437e4d4a5e5a9e899c808c2915b681c6e56564
                    • Instruction ID: 813a5299c6fc13803eb3759541a5ac98bb379cce70d84f0088f775bc2ed462ed
                    • Opcode Fuzzy Hash: 8b972dcf249a51d321e0cc1a25437e4d4a5e5a9e899c808c2915b681c6e56564
                    • Instruction Fuzzy Hash: 7E51B2729002569EEF309A70DC8CBBABAB9BB41354F1444EAD509E3141EF31CA88CF19
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _free.LIBCMT ref: 100019C8
                    • _free.LIBCMT ref: 10001A06
                    • _free.LIBCMT ref: 10001A45
                    • _free.LIBCMT ref: 10001A85
                    • _free.LIBCMT ref: 10001AAD
                    • _free.LIBCMT ref: 10001AD1
                    • _free.LIBCMT ref: 10001B09
                      • Part of subcall function 10012E7A: HeapFree.KERNEL32(00000000,00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012E90
                      • Part of subcall function 10012E7A: GetLastError.KERNEL32(00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012EA2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: a99d7cc222ea8883efc252a43eb08372f6e6d784fa04ff45eb70cdb301b26fd1
                    • Instruction ID: 0c506a91f86669333bcfac779dd841cd0150688dc22a40f8bbd42713bdb34d7c
                    • Opcode Fuzzy Hash: a99d7cc222ea8883efc252a43eb08372f6e6d784fa04ff45eb70cdb301b26fd1
                    • Instruction Fuzzy Hash: D9515CB6A021118FE704DF48C4D0999BBE6FF8939472685ADE5095F326D732BC42CBD2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _free.LIBCMT ref: 025535CC
                    • _free.LIBCMT ref: 0255360A
                    • _free.LIBCMT ref: 02553649
                    • _free.LIBCMT ref: 02553689
                    • _free.LIBCMT ref: 025536B1
                    • _free.LIBCMT ref: 025536D5
                    • _free.LIBCMT ref: 0255370D
                      • Part of subcall function 02564A7E: HeapFree.KERNEL32(00000000,00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564A94
                      • Part of subcall function 02564A7E: GetLastError.KERNEL32(00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564AA6
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: a99d7cc222ea8883efc252a43eb08372f6e6d784fa04ff45eb70cdb301b26fd1
                    • Instruction ID: e4c1b4b92819fb6ca599606a9f0841ca5f4cfeaabc618848ecad4ea40fbb8772
                    • Opcode Fuzzy Hash: a99d7cc222ea8883efc252a43eb08372f6e6d784fa04ff45eb70cdb301b26fd1
                    • Instruction Fuzzy Hash: 00515DB6A01121AFC710DF58C4E4869BBE6BF8835871984AED90E5F321C732BD46CF95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsWindowVisible.USER32(?), ref: 0040F0DB
                    • #6215.MFC42(00000000), ref: 0040F0ED
                    • SendMessageA.USER32(?,0000100C,000000FF,00000001), ref: 0040F129
                    • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?), ref: 0040F16C
                    • SendMessageA.USER32(?,0000100C,000000FF,00000001), ref: 0040F1C3
                    • InvalidateRect.USER32(?,?,00000001,00000000,?,?,?), ref: 0040F206
                    • InvalidateRect.USER32(?,?,00000001,00000000,?,?), ref: 0040F228
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: InvalidateRect$MessageSend$#6215VisibleWindow
                    • String ID:
                    • API String ID: 3841919118-0
                    • Opcode ID: 412c80f7836fe31c3145c205f55fa5d9b7536dff010446cfcba078a577e1a7b6
                    • Instruction ID: 99804508dc9de475c64cca93e1b3ba539419ba292049f16c297087a4d1c1c26e
                    • Opcode Fuzzy Hash: 412c80f7836fe31c3145c205f55fa5d9b7536dff010446cfcba078a577e1a7b6
                    • Instruction Fuzzy Hash: A7417270200705ABD624EB25C880EEBB3E9FB88714F004D3EF5A9972C1D679ED098B55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WSASetLastError.WS2_32(0000000D,FCCBADC3), ref: 10004BC9
                    • EnterCriticalSection.KERNEL32(?,FCCBADC3), ref: 10004BEF
                    • WSASetLastError.WS2_32(00002746), ref: 10004C08
                    • LeaveCriticalSection.KERNEL32(?), ref: 10004C0F
                    • timeGetTime.WINMM ref: 10004C75
                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,100260D8,000000FF), ref: 10004CAD
                    • LeaveCriticalSection.KERNEL32(?), ref: 10004CD5
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$Leave$ErrorLast$EnterTimetime
                    • String ID:
                    • API String ID: 3731243816-0
                    • Opcode ID: b826d47a4d7f36f1130752e2352c9a6f15884cce8bd74ee486552a74e5c48ec5
                    • Instruction ID: 17ebc33221eb79384dcb1f595a81f3b8113da03dbeb43e2bfbd0fdb6d8764104
                    • Opcode Fuzzy Hash: b826d47a4d7f36f1130752e2352c9a6f15884cce8bd74ee486552a74e5c48ec5
                    • Instruction Fuzzy Hash: 9651AEB56047458FE720CF58C885F5AF7F8FB487A0F12866AE846C3790DB75A804CB58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WSASetLastError.WS2_32(0000000D,1002F840), ref: 025567CD
                    • RtlEnterCriticalSection.NTDLL(?), ref: 025567F3
                    • WSASetLastError.WS2_32(00002746), ref: 0255680C
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 02556813
                    • timeGetTime.WINMM ref: 02556879
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 025568B1
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 025568D9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$Leave$ErrorLast$EnterTimetime
                    • String ID:
                    • API String ID: 3731243816-0
                    • Opcode ID: b826d47a4d7f36f1130752e2352c9a6f15884cce8bd74ee486552a74e5c48ec5
                    • Instruction ID: 9c9ca38613648c04e12fea06bf958269bcfcd23d29ee3eb46054bf94e7ed24c3
                    • Opcode Fuzzy Hash: b826d47a4d7f36f1130752e2352c9a6f15884cce8bd74ee486552a74e5c48ec5
                    • Instruction Fuzzy Hash: 6C51AD71A047A48FDB20CF59C895B6AFBF8FB48720F40466BEC4A83780D739A844CB54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cb5adf9cdb666468103a8770eec061ec532e8a34d845f9b87f8a382040d603bb
                    • Instruction ID: 9daec1c0d6caf217799b65baf588ef6253ae1056c4913828644c6e7bcbb66d74
                    • Opcode Fuzzy Hash: cb5adf9cdb666468103a8770eec061ec532e8a34d845f9b87f8a382040d603bb
                    • Instruction Fuzzy Hash: CE41A2B1600204ABE750CF68DC85F6B77E9EF88795F204169FA08CB245E771E9018BA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetFocus.USER32 ref: 0040D462
                    • #2864.MFC42(00000000), ref: 0040D469
                      • Part of subcall function 0040CC30: #3797.MFC42 ref: 0040CC39
                      • Part of subcall function 0040CC30: SendMessageA.USER32(?,00001027,00000000,00000000), ref: 0040CC5C
                      • Part of subcall function 0040CC30: SendMessageA.USER32(?,00001028,00000000,00000000), ref: 0040CC71
                      • Part of subcall function 0040CC30: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CC88
                      • Part of subcall function 0040CC30: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040CC9B
                      • Part of subcall function 0040CC30: #3293.MFC42(00000000,?,00000000), ref: 0040CCC4
                      • Part of subcall function 0040CC30: PtInRect.USER32(?,?,?), ref: 0040CCE6
                      • Part of subcall function 0040CC30: SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040CD06
                    • #3286.MFC42(00000000,00000000), ref: 0040D49A
                    • #3293.MFC42(00000000,?,00000002,00000000,00000000), ref: 0040D4DE
                    • #540.MFC42(00000000,00000000), ref: 0040D526
                    • #800.MFC42 ref: 0040D577
                    • #2379.MFC42 ref: 0040D57E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3293$#2379#2864#3286#3797#540#800FocusRect
                    • String ID:
                    • API String ID: 3548020944-0
                    • Opcode ID: 318e63972e4869f69d889a2b8614ba71db40905c60469104eca5ee5422ef64e3
                    • Instruction ID: cf44b26619ba267250062ac1ad22e25917217e2f74edf2a148b86babe4557c1b
                    • Opcode Fuzzy Hash: 318e63972e4869f69d889a2b8614ba71db40905c60469104eca5ee5422ef64e3
                    • Instruction Fuzzy Hash: F54192706043416BD714DF65C841FAFB7E9EBC8718F004A2EF995932C0DB78E9098B5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • wsprintfA.USER32 ref: 02560F66
                    • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 02560F77
                    • GetLastError.KERNEL32 ref: 02560F83
                    • ReleaseMutex.KERNEL32(00000000), ref: 02560F91
                    • CloseHandle.KERNEL32(00000000), ref: 02560F98
                      • Part of subcall function 02565F48: _doexit.LIBCMT ref: 02565F54
                    • GetTickCount.KERNEL32 ref: 02560FDB
                    • GetTickCount.KERNEL32 ref: 02560FF6
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CountMutexTick$CloseCreateErrorHandleLastRelease_doexitwsprintf
                    • String ID:
                    • API String ID: 3645654511-0
                    • Opcode ID: cee7fe446263ab51ed1253e503c3986633bbb5ae920447fb188cc8edf8cd2f40
                    • Instruction ID: 07790a931ce4ca8398c32ee702d216f6a2d4eafe317c0a784341a2918ff06f77
                    • Opcode Fuzzy Hash: cee7fe446263ab51ed1253e503c3986633bbb5ae920447fb188cc8edf8cd2f40
                    • Instruction Fuzzy Hash: 7B419271500654DFEB10EB68CD98BBEB7B5FF85300F504598E909AB280DB316A49CFA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 1000A5EC
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107A4
                      • Part of subcall function 1001078F: __CxxThrowException@8.LIBCMT ref: 100107B9
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107CA
                    • _memmove.LIBCMT ref: 1000A647
                    • _memmove.LIBCMT ref: 1000A657
                    • _memmove.LIBCMT ref: 1000A669
                    • _memmove.LIBCMT ref: 1000A6A6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                    • String ID: vector<T> too long
                    • API String ID: 4034224661-3788999226
                    • Opcode ID: 5d42e0830c7f7860a773cc7976727fc01981f5e3514d193d80829e27a596f26a
                    • Instruction ID: 61ff0c5e7695f04614370782eb153271abd45ac7e27b4ce612a2fa29502de201
                    • Opcode Fuzzy Hash: 5d42e0830c7f7860a773cc7976727fc01981f5e3514d193d80829e27a596f26a
                    • Instruction Fuzzy Hash: AE31AFB6A00605AFDB18DF68CC8596B77EAEFD4210B148B2DF855C7344EA70E9518B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(100295C0,?,025663E2,1002D090,00000008,02566576,?,?,?,1002D0B0,0000000C,02566631,?), ref: 0256C3E8
                    • __mtterm.LIBCMT ref: 0256C3F4
                      • Part of subcall function 0256C0BF: RtlDecodePointer.NTDLL(1002FC9C), ref: 0256C0D0
                      • Part of subcall function 0256C0BF: TlsFree.KERNEL32(1002FCA0,025664A5,0256648B,1002D090,00000008,02566576,?,?,?,1002D0B0,0000000C,02566631,?), ref: 0256C0EA
                      • Part of subcall function 0256C0BF: _free.LIBCMT ref: 0256ECCA
                    • TlsAlloc.KERNEL32(?,?,025663E2,1002D090,00000008,02566576,?,?,?,1002D0B0,0000000C,02566631,?), ref: 0256C481
                    • __init_pointers.LIBCMT ref: 0256C4A6
                    • __calloc_crt.LIBCMT ref: 0256C514
                    • GetCurrentThreadId.KERNEL32 ref: 0256C540
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm_free
                    • String ID:
                    • API String ID: 347030822-0
                    • Opcode ID: 12e99c80e21cb94e70e4b6d6703bfb5c16548aa607dfcf1d1070f879afc85ebf
                    • Instruction ID: c8c219c49feba6d6b0bd8ee044bc93574b0cf2cd46c9d0d5bd5dbd7ad957e22c
                    • Opcode Fuzzy Hash: 12e99c80e21cb94e70e4b6d6703bfb5c16548aa607dfcf1d1070f879afc85ebf
                    • Instruction Fuzzy Hash: 60317E309042759FEB12AF79CD8C6A63FB6FB4A361718052BE4549B2B1EB348445CF94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009329
                      • Part of subcall function 100107DC: std::exception::exception.LIBCMT ref: 100107F1
                      • Part of subcall function 100107DC: __CxxThrowException@8.LIBCMT ref: 10010806
                      • Part of subcall function 100107DC: std::exception::exception.LIBCMT ref: 10010817
                    • std::_Xinvalid_argument.LIBCPMT ref: 1000934A
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009365
                    • _memmove.LIBCMT ref: 100093CD
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                    • String ID: invalid string position$string too long
                    • API String ID: 443534600-4289949731
                    • Opcode ID: a83b976570256579eb0c52cb15579564b8662659562b991e78f75f25b7b07625
                    • Instruction ID: ac024d3f851097c4ebc30bb546e08201238b91a151ccc92675be2b38f6f68b5a
                    • Opcode Fuzzy Hash: a83b976570256579eb0c52cb15579564b8662659562b991e78f75f25b7b07625
                    • Instruction Fuzzy Hash: 913198327046158BE724DE5CE880A6EB3E5FF906A0B11062EF596CB6D5D770EE408B91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 0040F560: #3092.MFC42(00000000,0040AF2D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040F562
                      • Part of subcall function 0040F560: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040F578
                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040EEEF
                    • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040EF1F
                    • #3293.MFC42(00000000,?,00000000,75A73EB0,?,?,?,?,?,?,?,?,?,0040DAAD,?), ref: 0040EF37
                    • SetRect.USER32(?,00000000,00000000,?,00000000), ref: 0040EF54
                    • GetClientRect.USER32(?,?), ref: 0040EF63
                    • SendMessageA.USER32(?,00001014,00000000,00000000), ref: 0040EF84
                    • SendMessageA.USER32(?,00001014,?,00000000), ref: 0040EFAF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$Rect$#3092#3293Client
                    • String ID:
                    • API String ID: 643703033-0
                    • Opcode ID: 9dd0be4474f4f130e561151c90359b524b80e6ef2833bf736f57675fb39aa5f1
                    • Instruction ID: 23c15c50c5614395a0005123b8063f8e2d6138e146931547d8b15ac2c7d4e680
                    • Opcode Fuzzy Hash: 9dd0be4474f4f130e561151c90359b524b80e6ef2833bf736f57675fb39aa5f1
                    • Instruction Fuzzy Hash: 5821A7752443417BD324DB65DC85FABB3A8FBC8704F04492EF645D72C0D675E8068769
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • recv.WS2_32(1000509D,?,00000598,00000000), ref: 10004DC4
                    • SetLastError.KERNEL32(00000000,?,00000001,1000509D), ref: 10004DFF
                    • GetLastError.KERNEL32 ref: 10004E4F
                    • WSAGetLastError.WS2_32(?,00000001,1000509D), ref: 10004E82
                    • WSASetLastError.WS2_32(0000000D,?,00000001,1000509D), ref: 10004EA9
                    Strings
                    • <C-CNNID: %Iu> OnReceive() event return 'HR_ERROR', connection will be closed !, xrefs: 10004E42
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast$recv
                    • String ID: <C-CNNID: %Iu> OnReceive() event return 'HR_ERROR', connection will be closed !
                    • API String ID: 316788870-3078442173
                    • Opcode ID: 64d3a0e672f84c2be56cee985c0e820edbafee9c4799b7bb2106a1d4dd02f221
                    • Instruction ID: 099303f8eb8d83fad6ecadd63bb9a6d7dcdff50a8618157f6ae54c7d3ad2c424
                    • Opcode Fuzzy Hash: 64d3a0e672f84c2be56cee985c0e820edbafee9c4799b7bb2106a1d4dd02f221
                    • Instruction Fuzzy Hash: FE31B1B16057409FF360DB68D8C8B5B77E5FB843A5F12092EE506C3698DB71F8418A54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __CxxThrowException@8.LIBCMT ref: 02559788
                      • Part of subcall function 025647A5: RaiseException.KERNEL32(?,?,?,?), ref: 025647E7
                    • std::exception::exception.LIBCMT ref: 025597AC
                    • __CxxThrowException@8.LIBCMT ref: 025597C7
                    • std::exception::exception.LIBCMT ref: 025597E6
                    • __CxxThrowException@8.LIBCMT ref: 02559801
                    • std::exception::exception.LIBCMT ref: 0255981B
                    • __CxxThrowException@8.LIBCMT ref: 02559836
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Exception@8Throw$std::exception::exception$ExceptionRaise
                    • String ID:
                    • API String ID: 4237746311-0
                    • Opcode ID: 264a4d43613612ab267e87bf00641532aea2bd1f1a1c1a3417c07857d2a78542
                    • Instruction ID: 5cf6285c1db7e08eeb7124c7e4b82dcfa563b4a63e5cfaa77959cac70f7a3271
                    • Opcode Fuzzy Hash: 264a4d43613612ab267e87bf00641532aea2bd1f1a1c1a3417c07857d2a78542
                    • Instruction Fuzzy Hash: 6E2171B180014EAADB11EFD9D414BEEBBB9FF84310F54804AEA19A7240EB785704CFA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #567.MFC42(?,?,?,?,?,00414CA2,000000FF), ref: 00405CE5
                    • #540.MFC42(?,?,?,?,?,00414CA2,000000FF), ref: 00405CF4
                      • Part of subcall function 00407410: #567.MFC42(?,00000000,?,00000000,00414E63,000000FF,00405D06,?,?,?,?,?,00414CA2,000000FF), ref: 0040742E
                      • Part of subcall function 00407410: #540.MFC42(?,00000000,?,00000000,00414E63,000000FF,00405D06,?,?,?,?,?,00414CA2,000000FF), ref: 00407442
                      • Part of subcall function 00407410: #540.MFC42(?,00000000,?,00000000,00414E63,000000FF,00405D06,?,?,?,?,?,00414CA2,000000FF), ref: 0040744F
                      • Part of subcall function 00407FF0: #567.MFC42(?,00405D16,?,?,?,?,?,00414CA2,000000FF), ref: 00407FF3
                      • Part of subcall function 00407FF0: GetSysColor.USER32 ref: 00408007
                      • Part of subcall function 00407BE0: #567.MFC42(?,?,00000000,00414EF8,000000FF,00405D26,?,?,?,?,?,00414CA2,000000FF), ref: 00407BFD
                      • Part of subcall function 00407BE0: #540.MFC42(?,?,00000000,00414EF8,000000FF,00405D26,?,?,?,?,?,00414CA2,000000FF), ref: 00407C13
                    • LoadBitmapA.USER32(00000000,00007FE2), ref: 00405D56
                    • #858.MFC42(?,?,?,?,?,?,00414CA2,000000FF), ref: 00405D66
                    • GetSystemMetrics.USER32(00000015), ref: 00405D7F
                    • GetSysColor.USER32 ref: 00405DA8
                    • #800.MFC42 ref: 00405DBC
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #540#567$Color$#800#858BitmapLoadMetricsSystem
                    • String ID:
                    • API String ID: 2827053716-0
                    • Opcode ID: f1b041d9b6c5dbf9c803ca7690fe0a2990b00ef03b48f9359801eacc2e82db72
                    • Instruction ID: c81876d1c3a9892ed1318f4a3180e3bcbfce7ec290c5190c0c96e12eb8e62341
                    • Opcode Fuzzy Hash: f1b041d9b6c5dbf9c803ca7690fe0a2990b00ef03b48f9359801eacc2e82db72
                    • Instruction Fuzzy Hash: 3B313970508B918FD321DF29C48179BFFE4BB99718F00491EE5DA53792C7B9A148CB62
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 02555EC8
                    • send.WS2_32(?,10027490,00000010,00000000), ref: 02555F01
                    • SetEvent.KERNEL32(00040000), ref: 02555F24
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 02555F2F
                    • WSACloseEvent.WS2_32(?), ref: 02555F3D
                    • shutdown.WS2_32(?,00000001), ref: 02555F51
                    • closesocket.WS2_32(?), ref: 02555F5B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Event$CloseCurrentExchangeInterlockedThreadclosesocketsendshutdown
                    • String ID:
                    • API String ID: 2609651166-0
                    • Opcode ID: 1051c8803a86a7f00e0a2abc9789f8ec58f828892bf28140c87b44843692ec02
                    • Instruction ID: 484f35aa5be81d4d0dfecf982d92c9ed33ce56e07c9c0c27da3f025ee8c7ca22
                    • Opcode Fuzzy Hash: 1051c8803a86a7f00e0a2abc9789f8ec58f828892bf28140c87b44843692ec02
                    • Instruction Fuzzy Hash: 44119071200B319BD6309B39DC9896BBBF9FFD47157540A0EF946C66A0EB31E842CB24
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __CxxThrowException@8.LIBCMT ref: 10007B84
                      • Part of subcall function 10012BA1: RaiseException.KERNEL32(?,?,10012F33,?,?,?,?,?,10012F33,?,1002BF84,100310A8,?,?,1000FF39,00000004), ref: 10012BE3
                    • std::exception::exception.LIBCMT ref: 10007BA8
                    • __CxxThrowException@8.LIBCMT ref: 10007BC3
                    • std::exception::exception.LIBCMT ref: 10007BE2
                    • __CxxThrowException@8.LIBCMT ref: 10007BFD
                    • std::exception::exception.LIBCMT ref: 10007C17
                    • __CxxThrowException@8.LIBCMT ref: 10007C32
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Exception@8Throw$std::exception::exception$ExceptionRaise
                    • String ID:
                    • API String ID: 4237746311-0
                    • Opcode ID: 2b1d88e40de80da695cd8280f2bdc1e3cfcd76613b62c308c953f9cd85271c5d
                    • Instruction ID: ea29548f9fcd181bb9c315dfebdd7251b0ac3ee921a8fbf52db9f25ecd10f4fd
                    • Opcode Fuzzy Hash: 2b1d88e40de80da695cd8280f2bdc1e3cfcd76613b62c308c953f9cd85271c5d
                    • Instruction Fuzzy Hash: C02130B580014CAADB41DFD4D552BEDB7B8EF44350F50C04AEA0A6B241DB74AB44CFA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __CxxThrowException@8.LIBCMT ref: 02559788
                      • Part of subcall function 025647A5: RaiseException.KERNEL32(?,?,?,?), ref: 025647E7
                    • std::exception::exception.LIBCMT ref: 025597AC
                    • __CxxThrowException@8.LIBCMT ref: 025597C7
                    • std::exception::exception.LIBCMT ref: 025597E6
                    • __CxxThrowException@8.LIBCMT ref: 02559801
                    • std::exception::exception.LIBCMT ref: 0255981B
                    • __CxxThrowException@8.LIBCMT ref: 02559836
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Exception@8Throw$std::exception::exception$ExceptionRaise
                    • String ID:
                    • API String ID: 4237746311-0
                    • Opcode ID: 58bd5696ed13c0d3b8313e1075663a681e771b10abb53e5bbc250d1c94da247a
                    • Instruction ID: f7cbfbdce2b464d1519fe7f9261552221cfbea104fe67f92ca2a084385162185
                    • Opcode Fuzzy Hash: 58bd5696ed13c0d3b8313e1075663a681e771b10abb53e5bbc250d1c94da247a
                    • Instruction Fuzzy Hash: B62141B180014EAADB11EFD9D554BEEBBB9FF84310F54804AE919A7240DB785704CFA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 10013640
                    • __calloc_crt.LIBCMT ref: 1001364C
                    • __getptd.LIBCMT ref: 10013659
                    • CreateThread.KERNEL32(100104B0,?,100135B6,00000000,?,00000000), ref: 10013690
                    • GetLastError.KERNEL32(?,10010532,?,?,100104B0,?,?,?,?,?), ref: 1001369A
                    • _free.LIBCMT ref: 100136A3
                    • __dosmaperr.LIBCMT ref: 100136AE
                      • Part of subcall function 1001350D: __getptd_noexit.LIBCMT ref: 1001350D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                    • String ID:
                    • API String ID: 155776804-0
                    • Opcode ID: 4322d06265b0925dea6bdb789c1e8d7d9befcf97368f24891a52023014ca90a9
                    • Instruction ID: 5c59e672b88cb2bcfc433f1c4ef2b01d1288423b102b686241f6978629a51cde
                    • Opcode Fuzzy Hash: 4322d06265b0925dea6bdb789c1e8d7d9befcf97368f24891a52023014ca90a9
                    • Instruction Fuzzy Hash: D1114436200756BFE710DFA49C4598F7BE8EF053B0B11C029F918DE251DB31E8C08AA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 02565244
                    • __calloc_crt.LIBCMT ref: 02565250
                    • __getptd.LIBCMT ref: 0256525D
                    • CreateThread.KERNEL32(?,?,100135B6,00000000,?,10003590), ref: 02565294
                    • GetLastError.KERNEL32(?,10027290,?,?,02555439,00000000,00000000,10003590,?,00000000,00000065), ref: 0256529E
                    • _free.LIBCMT ref: 025652A7
                    • __dosmaperr.LIBCMT ref: 025652B2
                      • Part of subcall function 02565111: __getptd_noexit.LIBCMT ref: 02565111
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                    • String ID:
                    • API String ID: 155776804-0
                    • Opcode ID: 52201d3a523fc3ca3f3ac5e7edf166835b3bca7351e5067331d6e8010e25afda
                    • Instruction ID: 88c88bc45ee34e8a84d7866fc6a05af4568835acf6a058b2fb92ede067aa6c39
                    • Opcode Fuzzy Hash: 52201d3a523fc3ca3f3ac5e7edf166835b3bca7351e5067331d6e8010e25afda
                    • Instruction Fuzzy Hash: C8110832245707AFDB21AFA4DC4C9BB7B9AFF85774B100416FD5987150EB71D4018AA8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd_noexit.LIBCMT ref: 100178EA
                      • Part of subcall function 1001A5AC: GetLastError.KERNEL32(?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A5B0
                      • Part of subcall function 1001A5AC: ___set_flsgetvalue.LIBCMT ref: 1001A5BE
                      • Part of subcall function 1001A5AC: __calloc_crt.LIBCMT ref: 1001A5D2
                      • Part of subcall function 1001A5AC: DecodePointer.KERNEL32(00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A5EC
                      • Part of subcall function 1001A5AC: GetCurrentThreadId.KERNEL32 ref: 1001A602
                      • Part of subcall function 1001A5AC: SetLastError.KERNEL32(00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A61A
                    • __calloc_crt.LIBCMT ref: 1001790C
                    • __get_sys_err_msg.LIBCMT ref: 1001792A
                    • _strcpy_s.LIBCMT ref: 10017932
                    • __invoke_watson.LIBCMT ref: 10017947
                    Strings
                    • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 100178F7, 1001791A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast__calloc_crt$CurrentDecodePointerThread___set_flsgetvalue__get_sys_err_msg__getptd_noexit__invoke_watson_strcpy_s
                    • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                    • API String ID: 3117964792-798102604
                    • Opcode ID: 719f33c0b994678c272305090d24e722a3b258892aeb2cbb2fd9f06dfa8e025e
                    • Instruction ID: 094e89a15a6552e3b0c45c6efe5f2f7772674c792387ea6e93d73340db2dd7de
                    • Opcode Fuzzy Hash: 719f33c0b994678c272305090d24e722a3b258892aeb2cbb2fd9f06dfa8e025e
                    • Instruction Fuzzy Hash: 5EF0467A6053412BD320E9296C4181F72FCFB84564B61047AFA4C9F102DA71ECC08396
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 004029E0: #3092.MFC42(00000000), ref: 004029ED
                      • Part of subcall function 00403C80: #324.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CA7
                      • Part of subcall function 00403C80: #567.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CB9
                      • Part of subcall function 00403C80: #567.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CD1
                      • Part of subcall function 00403C80: #540.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CE9
                      • Part of subcall function 00403C80: #540.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403CFB
                      • Part of subcall function 00403C80: #540.MFC42(00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D0D
                      • Part of subcall function 00403C80: #860.MFC42(0041BB74,00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D24
                      • Part of subcall function 00403C80: #860.MFC42(0041BB74,0041BB74,00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D30
                      • Part of subcall function 00403C80: #860.MFC42(0041BB74,0041BB74,0041BB74,00000067,?,?,?,?,?,?,?,00414A3B,000000FF), ref: 00403D44
                    • #2514.MFC42 ref: 0040F9B6
                    • #800.MFC42 ref: 0040F9DF
                    • #800.MFC42 ref: 0040F9F3
                    • #800.MFC42 ref: 0040FA07
                    • #692.MFC42 ref: 0040FA1B
                    • #616.MFC42 ref: 0040FA2C
                    • #641.MFC42 ref: 0040FA40
                      • Part of subcall function 004027C0: #3092.MFC42(00000000), ref: 004027D1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #540#800#860$#3092#567$#2514#324#616#641#692
                    • String ID:
                    • API String ID: 3582498933-0
                    • Opcode ID: 37fe153bc43f5cbac06ebf52bfedcda5422dee33a49758a61ab8b90ae1c39e4a
                    • Instruction ID: 39454097379f9084a2c4cb2da2e0b3ec86b2048b1384059fc194e5c269abcef2
                    • Opcode Fuzzy Hash: 37fe153bc43f5cbac06ebf52bfedcda5422dee33a49758a61ab8b90ae1c39e4a
                    • Instruction Fuzzy Hash: 9A21AF704097819BD334EB24C581BEEBBE4AFA4714F00492EE5E9132C1DBB81589CB67
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2302.MFC42(?,000003F7,?), ref: 00403E33
                    • #2302.MFC42(?,000003F1,?,?,000003F7,?), ref: 00403E45
                    • #2370.MFC42(?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403E57
                    • #2370.MFC42(?,000003F9,?,?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403E69
                    • #2362.MFC42(?,000003FA,?,?,000003F9,?,?,000003F8,?,?,000003F1,?,?,000003F7,?), ref: 00403E7B
                    • #2294.MFC42(?,?,00000000,00000400,?,000003FA,?,?,000003F9,?,?,000003F8,?,?,000003F1,?), ref: 00403E8B
                    • #2370.MFC42(?,000003FE,?,?,?,00000000,00000400,?,000003FA,?,?,000003F9,?,?,000003F8,?), ref: 00403E9D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2370$#2302$#2294#2362
                    • String ID:
                    • API String ID: 465330616-0
                    • Opcode ID: ed092e2268fcbcccef52649f0f5fc60db2d5e7059934a9093e26e7542985ea56
                    • Instruction ID: 854beb60e4ee252eb0becd13a7a1acad2040dbdf753093ffd2c515f80d25c53e
                    • Opcode Fuzzy Hash: ed092e2268fcbcccef52649f0f5fc60db2d5e7059934a9093e26e7542985ea56
                    • Instruction Fuzzy Hash: 2FF044725C06167FE115E752CC82FFB66ACDBCAB14F00442EB3556A0C1DF982A4A53BE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,1002D350,00000008,1001A600,00000000,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000), ref: 1001A509
                    • __lock.LIBCMT ref: 1001A53D
                      • Part of subcall function 1001D1D6: __mtinitlocknum.LIBCMT ref: 1001D1EC
                      • Part of subcall function 1001D1D6: __amsg_exit.LIBCMT ref: 1001D1F8
                      • Part of subcall function 1001D1D6: EnterCriticalSection.KERNEL32(?,?,?,1001A542,0000000D,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000), ref: 1001D200
                    • InterlockedIncrement.KERNEL32(1002FCC0), ref: 1001A54A
                    • __lock.LIBCMT ref: 1001A55E
                    • ___addlocaleref.LIBCMT ref: 1001A57C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                    • String ID: KERNEL32.DLL
                    • API String ID: 637971194-2576044830
                    • Opcode ID: 768fbc726d92abb0bb228344006085a731e37b07853c9766efa8d1f6e48e993b
                    • Instruction ID: 889038e0d6019256d0552216986c96d33fa5c92401c09f926cca36c74693d346
                    • Opcode Fuzzy Hash: 768fbc726d92abb0bb228344006085a731e37b07853c9766efa8d1f6e48e993b
                    • Instruction Fuzzy Hash: 50018B75401B04EAE721DFA5D845749BBE0FF04320F60890EE49A9B3A1CBB4E680CB11
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #800.MFC42(?,?,?,0041553F,000000FF), ref: 0040CBC8
                    • #800.MFC42(?,?,?,0041553F,000000FF), ref: 0040CBD5
                    • #800.MFC42(?,?,?,0041553F,000000FF), ref: 0040CBE2
                    • #800.MFC42(?,?,?,0041553F,000000FF), ref: 0040CBEF
                    • #800.MFC42(?,?,?,0041553F,000000FF), ref: 0040CBFC
                    • #800.MFC42(?,?,?,0041553F,000000FF), ref: 0040CC09
                    • #800.MFC42(?,?,?,0041553F,000000FF), ref: 0040CC18
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #800
                    • String ID:
                    • API String ID: 1076129211-0
                    • Opcode ID: a5ec448be8d2841e52036e63c569cdbdc1108159e69a8744865481d87c98e1af
                    • Instruction ID: 55e4c034e8bf35e8509586db42415eb5257e28f6e2e7d678b48d63d3ddb80c13
                    • Opcode Fuzzy Hash: a5ec448be8d2841e52036e63c569cdbdc1108159e69a8744865481d87c98e1af
                    • Instruction Fuzzy Hash: F70152304487D19BD314EF15C401B9AFBE4BB59B25F400F0EF4A6026C1CBB8A24ACB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 100135BC
                      • Part of subcall function 1001A46A: TlsGetValue.KERNEL32(?,1001A5C3,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A473
                      • Part of subcall function 1001A46A: DecodePointer.KERNEL32(?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A485
                      • Part of subcall function 1001A46A: TlsSetValue.KERNEL32(00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A494
                    • ___fls_getvalue@4.LIBCMT ref: 100135C7
                      • Part of subcall function 1001A44A: TlsGetValue.KERNEL32(?,?,100135CC,00000000), ref: 1001A458
                    • ___fls_setvalue@8.LIBCMT ref: 100135DA
                      • Part of subcall function 1001A49E: DecodePointer.KERNEL32(?,?,?,100135DF,00000000,?,00000000), ref: 1001A4AF
                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 100135E3
                    • ExitThread.KERNEL32 ref: 100135EA
                    • GetCurrentThreadId.KERNEL32 ref: 100135F0
                    • __freefls@4.LIBCMT ref: 10013610
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                    • String ID:
                    • API String ID: 2383549826-0
                    • Opcode ID: 216e92abe466d0e86ea5d5cfabd3c967034cb8676e291515e64118fc63808416
                    • Instruction ID: 1f4a9ec6495e7c115d8d6bd07618927870ab57304695706120a6265854e1ddf4
                    • Opcode Fuzzy Hash: 216e92abe466d0e86ea5d5cfabd3c967034cb8676e291515e64118fc63808416
                    • Instruction Fuzzy Hash: 14F03078401741ABD704EF65CA4A80E7BEAEF8A244B25C454F8088F213DB34E8C2CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 025651C0
                      • Part of subcall function 0256C06E: TlsGetValue.KERNEL32(0000FFFF,0256C1C7,?,0000FFFF,02565116,02572A8D), ref: 0256C077
                      • Part of subcall function 0256C06E: RtlDecodePointer.NTDLL ref: 0256C089
                      • Part of subcall function 0256C06E: TlsSetValue.KERNEL32(00000000,?,0000FFFF,02565116,02572A8D), ref: 0256C098
                    • ___fls_getvalue@4.LIBCMT ref: 025651CB
                      • Part of subcall function 0256C04E: TlsGetValue.KERNEL32(?,?,025651D0,00000000), ref: 0256C05C
                    • ___fls_setvalue@8.LIBCMT ref: 025651DE
                      • Part of subcall function 0256C0A2: RtlDecodePointer.NTDLL(?), ref: 0256C0B3
                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 025651E7
                    • RtlExitUserThread.NTDLL(00000000), ref: 025651EE
                    • GetCurrentThreadId.KERNEL32 ref: 025651F4
                    • __freefls@4.LIBCMT ref: 02565214
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Value$DecodePointerThread$CurrentErrorExitLastUser___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                    • String ID:
                    • API String ID: 2876972746-0
                    • Opcode ID: 216e92abe466d0e86ea5d5cfabd3c967034cb8676e291515e64118fc63808416
                    • Instruction ID: 29799797b0a0e36256050e138945d95672c759f4d8a92b0a923996d0f5d025d2
                    • Opcode Fuzzy Hash: 216e92abe466d0e86ea5d5cfabd3c967034cb8676e291515e64118fc63808416
                    • Instruction Fuzzy Hash: D5F03074441702AFD714BFB6C94C83E7BAABFC93157208596E88987211EB34D886CF99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #3092.MFC42(00000000), ref: 004027D1
                    • SendMessageA.USER32(?,00001200,00000000,00000000), ref: 00402819
                    • #3996.MFC42(00000000,00000000,?,?,?,?,?,00000000), ref: 0040286B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3092#3996MessageSend
                    • String ID:
                    • API String ID: 3103698401-0
                    • Opcode ID: c5effb84392ff4e27ea0306a029b2d54c3e639b9e16ac63a904be9914e56a065
                    • Instruction ID: 0c178ab1cfad9b1278f07176e58331f142178f1997f2cf32d6db9579ac4bfff2
                    • Opcode Fuzzy Hash: c5effb84392ff4e27ea0306a029b2d54c3e639b9e16ac63a904be9914e56a065
                    • Instruction Fuzzy Hash: 2661C2716006415BD718CF19C954FABBBE6BFC4348F18812ED85A8B3D1C7B6E846CB94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 00412BBC
                    • Thread32First.KERNEL32 ref: 00412BD1
                    • Thread32Next.KERNEL32(00000000,?), ref: 00412BFF
                      • Part of subcall function 00413230: #823.MFC42(?,?,00000000,?,00000000), ref: 00413289
                      • Part of subcall function 00413230: #825.MFC42(?,00000000), ref: 00413309
                    • CloseHandle.KERNEL32(00000000), ref: 00412C09
                    • #823.MFC42(?), ref: 00412C38
                    • #825.MFC42(?), ref: 00412C6C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #823#825Thread32$CloseCreateFirstHandleNextSnapshotToolhelp32
                    • String ID:
                    • API String ID: 3339753587-0
                    • Opcode ID: a907fba8a47771df652d05e6615818f1784141c58fe8052cb23811535090fba9
                    • Instruction ID: 6a674d600b2fcc4e58d0fd594c89ca66cade78a40f210252b3459e5ebad940df
                    • Opcode Fuzzy Hash: a907fba8a47771df652d05e6615818f1784141c58fe8052cb23811535090fba9
                    • Instruction Fuzzy Hash: 9831A1711083418FD714CF15C980AAFBBE4EF85314F14492EF596D3340E278E989CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #540.MFC42 ref: 004077FF
                    • #3874.MFC42(?,?,?,?,?,?,?,?,?,?,?,00414EB8,000000FF), ref: 00407813
                    • #535.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00414EB8,000000FF), ref: 0040782F
                    • #6199.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,?,00414EB8,000000FF), ref: 00407888
                    • #6134.MFC42(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?,00414EB8), ref: 00407896
                    • #800.MFC42(?,?,?,?,?,?,?,?,?,?,?,?,00414EB8,000000FF), ref: 004078A7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3874#535#540#6134#6199#800
                    • String ID:
                    • API String ID: 3385152813-0
                    • Opcode ID: 1516b35ab18a31606dce90d54a8893a681159f8a87c2e72ad52f1e99c236b858
                    • Instruction ID: e8564043866905948252d5085461fc7b545413cc32b6b49c33137d772a372b9b
                    • Opcode Fuzzy Hash: 1516b35ab18a31606dce90d54a8893a681159f8a87c2e72ad52f1e99c236b858
                    • Instruction Fuzzy Hash: 5031E576A08381ABC300EF28C854AA7BBE1BF85324F14865DF4A5533C1D739F449C786
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004095EC
                    • #3286.MFC42(00000000,?,?,?,?,004095B8), ref: 0040960C
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,004095B8), ref: 00409627
                    • #3286.MFC42(00000000,?,?,?,?,004095B8), ref: 0040964C
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,004095B8), ref: 00409667
                    • #825.MFC42(00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,004095B8), ref: 0040966D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3286#6007$#825MessageSend
                    • String ID:
                    • API String ID: 1838521641-0
                    • Opcode ID: 5abc676c86540cee4a863e7c129dcb045e1a78f2a62f5cce15ab5c29ec66846c
                    • Instruction ID: cfcd74f4efe3ed081c5d6b480b46ea83b11133bfc4738fd9e0dff82100a801ad
                    • Opcode Fuzzy Hash: 5abc676c86540cee4a863e7c129dcb045e1a78f2a62f5cce15ab5c29ec66846c
                    • Instruction Fuzzy Hash: B8210A753403006BE2209E95CC92FA7B7689B84715F10446EF756AB3C2DAB6BC42871C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 004020BD
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004020CC
                    • #3286.MFC42(?), ref: 004020DA
                    • SendMessageA.USER32(?,00001008,?,00000000), ref: 00402111
                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00402122
                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040213C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3286
                    • String ID:
                    • API String ID: 323715935-0
                    • Opcode ID: 634e530177f2252fb5a14fdd80d6e346c68f185687c5028575d0cc0b46b762be
                    • Instruction ID: d36abad5ca0fee33dcde8821ab9a53591077f11702183c6dfdec13749338d10e
                    • Opcode Fuzzy Hash: 634e530177f2252fb5a14fdd80d6e346c68f185687c5028575d0cc0b46b762be
                    • Instruction Fuzzy Hash: A5113A763453006BE224CA65DCC5F6BF3A5FB88715F24861EF3419B2C1DAB6E8018B68
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #3286.MFC42(?,00000000,?,00000001,?,00415868,000000FF,0040AFC6,?,00000001,?,?), ref: 00410467
                    • GetParent.USER32(?), ref: 00410479
                    • #2864.MFC42(00000000,?,00000001,?,00415868,000000FF,0040AFC6,?,00000001,?,?), ref: 00410480
                    • #3301.MFC42(?,?,00000001,00000000,?,00000001,?,00415868,000000FF,0040AFC6,?,00000001,?,?), ref: 004104BE
                    • #858.MFC42(00000000,?,?,00000001,00000000,?,00000001,?,00415868,000000FF,0040AFC6,?,00000001,?,?), ref: 004104D0
                    • #800.MFC42(00000000,?,?,00000001,00000000,?,00000001,?,00415868,000000FF,0040AFC6,?,00000001,?,?), ref: 004104E1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864#3286#3301#800#858Parent
                    • String ID:
                    • API String ID: 3939703191-0
                    • Opcode ID: e18a66ac8b5695d740d36ab624b5d8eebe7c6d14c9009163d01f63fee0e72999
                    • Instruction ID: 4a678657716412dfb17488330e6c038b136d1ae0a44a6027cc520f2cf675d67e
                    • Opcode Fuzzy Hash: e18a66ac8b5695d740d36ab624b5d8eebe7c6d14c9009163d01f63fee0e72999
                    • Instruction Fuzzy Hash: 9D213D722046009BC210DF55D881FABB3E9FBC8B24F004A1EF59693380DB78E945CB65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Menu$Item$#2546#2863#291Count
                    • String ID:
                    • API String ID: 667342809-0
                    • Opcode ID: 40df3786031453d7ff4937ce787c63a15614204c893a417e08fb70d24e62b7a6
                    • Instruction ID: 17abc4941891bcf7786562c35166747d15691d921702c06088023643df208c07
                    • Opcode Fuzzy Hash: 40df3786031453d7ff4937ce787c63a15614204c893a417e08fb70d24e62b7a6
                    • Instruction Fuzzy Hash: 6F11B4716043019BC700DF69D984A9BFBE8EFC8714F104A1EF554D7284D6B4D544CBA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2379.MFC42 ref: 00407516
                    • GetCursorPos.USER32(?), ref: 00407536
                    • ScreenToClient.USER32(?,?), ref: 00407545
                    • PostMessageA.USER32(?,00000201,00000000,?), ref: 00407575
                    • PostMessageA.USER32(?,00000202,00000000,?), ref: 0040759B
                    • SendMessageA.USER32(?,00000445,00000000,00010001), ref: 004075AE
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Message$Post$#2379ClientCursorScreenSend
                    • String ID:
                    • API String ID: 3824870609-0
                    • Opcode ID: 7dfb645a9a7cc217b5f18ae1109170e1b47fbad79c23b2a7a6e9866c2f0ffd1b
                    • Instruction ID: 1c2672fd9a44b00e747a332e159a186cd5837e11a9466929cc413fc232b823cd
                    • Opcode Fuzzy Hash: 7dfb645a9a7cc217b5f18ae1109170e1b47fbad79c23b2a7a6e9866c2f0ffd1b
                    • Instruction Fuzzy Hash: BE11A0766103016BE620DB24DC4AFB7B7A8EF88710F108A39F6A5D72C0D5B4E8048659
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __CreateFrameInfo.LIBCMT ref: 10017CC9
                      • Part of subcall function 10013213: __getptd.LIBCMT ref: 10013221
                      • Part of subcall function 10013213: __getptd.LIBCMT ref: 1001322F
                    • __getptd.LIBCMT ref: 10017CD3
                      • Part of subcall function 1001A625: __getptd_noexit.LIBCMT ref: 1001A628
                      • Part of subcall function 1001A625: __amsg_exit.LIBCMT ref: 1001A635
                    • __getptd.LIBCMT ref: 10017CE1
                    • __getptd.LIBCMT ref: 10017CEF
                    • __getptd.LIBCMT ref: 10017CFA
                    • _CallCatchBlock2.LIBCMT ref: 10017D20
                      • Part of subcall function 100132B8: __CallSettingFrame@12.LIBCMT ref: 10013304
                      • Part of subcall function 10017DC7: __getptd.LIBCMT ref: 10017DD6
                      • Part of subcall function 10017DC7: __getptd.LIBCMT ref: 10017DE4
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                    • String ID:
                    • API String ID: 1602911419-0
                    • Opcode ID: 9c0a5c161a8e2c1b15864db23af9a3b49f8f2ebe87976c302c13bf6f9655ecab
                    • Instruction ID: 397f16783385a8bd145cb92ecbff78351a7729befc9adb7f093ac7164e27d366
                    • Opcode Fuzzy Hash: 9c0a5c161a8e2c1b15864db23af9a3b49f8f2ebe87976c302c13bf6f9655ecab
                    • Instruction Fuzzy Hash: D311D4B5C00209EFDB10DFA4D945BAEBBF0FF08314F14846AF815AB251DB38AA959F50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __EH_prolog3.LIBCMT ref: 025635BB
                    • std::_Lockit::_Lockit.LIBCPMT ref: 025635C5
                    • int.LIBCPMT ref: 025635DC
                      • Part of subcall function 02558E74: std::_Lockit::_Lockit.LIBCPMT ref: 02558E85
                    • messages.LIBCPMT ref: 025635FF
                    • __CxxThrowException@8.LIBCMT ref: 02563621
                    • std::locale::facet::_Facet_Register.LIBCPMT ref: 02563637
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmessagesstd::locale::facet::_
                    • String ID:
                    • API String ID: 4269662895-0
                    • Opcode ID: 2ea6ab6b578fb937ffd02767230a55dc4457e17e6dbdd87eeee9fac00c62f428
                    • Instruction ID: 26ab8761b6e4869da7e25601c3b36b3742f69e6757cc313595c1ac20ee69ede8
                    • Opcode Fuzzy Hash: 2ea6ab6b578fb937ffd02767230a55dc4457e17e6dbdd87eeee9fac00c62f428
                    • Instruction Fuzzy Hash: DE01C03180016AABCF15EBA0C858ABD7336BFC4760F540519E510AB2D0DF359A018F58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 1001C34B
                      • Part of subcall function 1001A625: __getptd_noexit.LIBCMT ref: 1001A628
                      • Part of subcall function 1001A625: __amsg_exit.LIBCMT ref: 1001A635
                    • __amsg_exit.LIBCMT ref: 1001C36B
                    • __lock.LIBCMT ref: 1001C37B
                    • InterlockedDecrement.KERNEL32(?), ref: 1001C398
                    • _free.LIBCMT ref: 1001C3AB
                    • InterlockedIncrement.KERNEL32(02471668), ref: 1001C3C3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                    • String ID:
                    • API String ID: 3470314060-0
                    • Opcode ID: 1271d9f4dc83408b697acbebbb6d8e7dc612838faf4271eec5ded8a14b7d2512
                    • Instruction ID: 4621c674f98e0a3bda97f99255dd3459e5e8de28bd4f942dd1ca4cf786c87da5
                    • Opcode Fuzzy Hash: 1271d9f4dc83408b697acbebbb6d8e7dc612838faf4271eec5ded8a14b7d2512
                    • Instruction Fuzzy Hash: BF01C435901729EBD751DBA58885B5D73A0FF04760F118106F829AF291C734EEC1CBD1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 0256DF4F
                      • Part of subcall function 0256C229: __getptd_noexit.LIBCMT ref: 0256C22C
                      • Part of subcall function 0256C229: __amsg_exit.LIBCMT ref: 0256C239
                    • __amsg_exit.LIBCMT ref: 0256DF6F
                    • __lock.LIBCMT ref: 0256DF7F
                    • InterlockedDecrement.KERNEL32(?), ref: 0256DF9C
                    • _free.LIBCMT ref: 0256DFAF
                    • InterlockedIncrement.KERNEL32(100300E8), ref: 0256DFC7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                    • String ID:
                    • API String ID: 3470314060-0
                    • Opcode ID: 1271d9f4dc83408b697acbebbb6d8e7dc612838faf4271eec5ded8a14b7d2512
                    • Instruction ID: 1558a7d8702e6993d9658f33d28ed92d072863742cfbcdc7cc008c15491c3780
                    • Opcode Fuzzy Hash: 1271d9f4dc83408b697acbebbb6d8e7dc612838faf4271eec5ded8a14b7d2512
                    • Instruction Fuzzy Hash: C1018432A03622AFE725EB64D84C7BDFB71BF44724F544906E81567290C7346581CFD9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 100044E1
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 100044EC
                    • Sleep.KERNEL32(00000258), ref: 100044F9
                    • CloseHandle.KERNEL32(?), ref: 10004514
                    • CloseHandle.KERNEL32(?), ref: 1000451D
                    • Sleep.KERNEL32(0000012C), ref: 1000452E
                      • Part of subcall function 100042C0: GetCurrentThreadId.KERNEL32 ref: 100042C4
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseHandleObjectSingleSleepWait$CurrentThread
                    • String ID:
                    • API String ID: 1839609998-0
                    • Opcode ID: bcc80b3ddac6046172a4e2c41c6e3830103b277a90b5a893818be3debafc94cc
                    • Instruction ID: bb19d167f47e44f620e3617ac487d925318f069514179197543e1ddc9ae0966f
                    • Opcode Fuzzy Hash: bcc80b3ddac6046172a4e2c41c6e3830103b277a90b5a893818be3debafc94cc
                    • Instruction Fuzzy Hash: 55F030762046105BD610EBA9CCD4D4AF3E9EFC9720B214B09E269832D4CB70FC018BA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #800.MFC42(?,?,?,00414A8D,000000FF,00403D78), ref: 00403DBB
                    • #800.MFC42(?,?,?,00414A8D,000000FF,00403D78), ref: 00403DCB
                    • #800.MFC42(?,?,?,00414A8D,000000FF,00403D78), ref: 00403DDB
                    • #692.MFC42(?,?,?,00414A8D,000000FF,00403D78), ref: 00403DEB
                    • #616.MFC42(?,?,?,00414A8D,000000FF,00403D78), ref: 00403DF8
                    • #641.MFC42(?,?,?,00414A8D,000000FF,00403D78), ref: 00403E07
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #800$#616#641#692
                    • String ID:
                    • API String ID: 3167959800-0
                    • Opcode ID: beb57dffe5d3f152375988a2299e685a4dc3247853ce29278927adea83ba79d3
                    • Instruction ID: 22bc1a2d5ddd74e83b64a2d4385f12f0148e27e5924d5ea4fd9db5c7cd8b28f6
                    • Opcode Fuzzy Hash: beb57dffe5d3f152375988a2299e685a4dc3247853ce29278927adea83ba79d3
                    • Instruction Fuzzy Hash: 00014B704487D29BD314EF29C401BDABBE4AF99724F404E0EF4AA032C1DBB85249C7A6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003401
                    • Sleep.KERNEL32(00000258), ref: 1000340E
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 10003416
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10003422
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000342A
                    • Sleep.KERNEL32(0000012C), ref: 1000343B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
                    • String ID:
                    • API String ID: 3137405945-0
                    • Opcode ID: cb449d608bbcea5f0eb0ceffb4adefe4f353f3075614a4d69bd563b7dd94431d
                    • Instruction ID: 9cec08a66d9ee42e5517b085efe1610bc935cc5c51b9ef27c399106e0bba09d1
                    • Opcode Fuzzy Hash: cb449d608bbcea5f0eb0ceffb4adefe4f353f3075614a4d69bd563b7dd94431d
                    • Instruction Fuzzy Hash: F6F012722047146BD6209BADCCC4E56F3A8AF95734B204709F265936E0CAB4E8058B60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864#5148#5981#6215FocusVisibleWindow
                    • String ID:
                    • API String ID: 1747235972-0
                    • Opcode ID: c1ecd7009bc43e6baf396582cafa37d693449766733083c5be6ba18cad2f8c96
                    • Instruction ID: 22332403b3a9e9126d3791166f659fa0dba9afed4b6cb25bbd32d7bcd78c9af1
                    • Opcode Fuzzy Hash: c1ecd7009bc43e6baf396582cafa37d693449766733083c5be6ba18cad2f8c96
                    • Instruction Fuzzy Hash: E2F082703007006BD624EB64D849FEF7398EB84704F04882EF55583285CB78ED81C769
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864#5148#5981#6215FocusVisibleWindow
                    • String ID:
                    • API String ID: 1747235972-0
                    • Opcode ID: ec85630b2351b85d4575777680a88710978a81fd10849ca2772cc75ede7096c7
                    • Instruction ID: c59353ba1ec8dfe0a73dd1132896adc9b31e48b39f21f4cd6e48d27358e76704
                    • Opcode Fuzzy Hash: ec85630b2351b85d4575777680a88710978a81fd10849ca2772cc75ede7096c7
                    • Instruction Fuzzy Hash: 48F05E70300301ABC624EB64D859BEF6398EB84704F04882EF55583285CB78E981C769
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 02565F5E: _doexit.LIBCMT ref: 02565F6A
                    • ___set_flsgetvalue.LIBCMT ref: 025651C0
                      • Part of subcall function 0256C06E: TlsGetValue.KERNEL32(0000FFFF,0256C1C7,?,0000FFFF,02565116,02572A8D), ref: 0256C077
                      • Part of subcall function 0256C06E: RtlDecodePointer.NTDLL ref: 0256C089
                      • Part of subcall function 0256C06E: TlsSetValue.KERNEL32(00000000,?,0000FFFF,02565116,02572A8D), ref: 0256C098
                    • ___fls_getvalue@4.LIBCMT ref: 025651CB
                      • Part of subcall function 0256C04E: TlsGetValue.KERNEL32(?,?,025651D0,00000000), ref: 0256C05C
                    • ___fls_setvalue@8.LIBCMT ref: 025651DE
                      • Part of subcall function 0256C0A2: RtlDecodePointer.NTDLL(?), ref: 0256C0B3
                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 025651E7
                    • RtlExitUserThread.NTDLL(00000000), ref: 025651EE
                    • GetCurrentThreadId.KERNEL32 ref: 025651F4
                    • __freefls@4.LIBCMT ref: 02565214
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Value$DecodePointerThread$CurrentErrorExitLastUser___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                    • String ID:
                    • API String ID: 811752470-0
                    • Opcode ID: 590cf90621574e87cd317b2ce967786c3d20177de05e1b12906cbabe0a5a7e5c
                    • Instruction ID: 53682c8f1aa3f84d2d16d35b642697a68dc3bf1350b7786dcab6fa3011532298
                    • Opcode Fuzzy Hash: 590cf90621574e87cd317b2ce967786c3d20177de05e1b12906cbabe0a5a7e5c
                    • Instruction Fuzzy Hash: FAE06570841217ABDB103FB6CC0D47E7A6EBE95312B500451ED9593110EB3484518FA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009D1A
                      • Part of subcall function 100107DC: std::exception::exception.LIBCMT ref: 100107F1
                      • Part of subcall function 100107DC: __CxxThrowException@8.LIBCMT ref: 10010806
                      • Part of subcall function 100107DC: std::exception::exception.LIBCMT ref: 10010817
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009D57
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107A4
                      • Part of subcall function 1001078F: __CxxThrowException@8.LIBCMT ref: 100107B9
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107CA
                    • _memmove.LIBCMT ref: 10009DB8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                    • String ID: invalid string position$string too long
                    • API String ID: 1615890066-4289949731
                    • Opcode ID: b2c8c75499922d7c8a7edfbdb547f47cf09603d93aa6b6385e314bfe62bc7e7f
                    • Instruction ID: a52e108f1ab3f669884db24138a958232af200ae21ad2a2ea0455b893b8fcab3
                    • Opcode Fuzzy Hash: b2c8c75499922d7c8a7edfbdb547f47cf09603d93aa6b6385e314bfe62bc7e7f
                    • Instruction Fuzzy Hash: 6A31A5333446149BE711DA5CE880A5EF3E9EBE16E4F21052FF145CB295DB71EC4183A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memset.LIBCMT ref: 10006B8C
                    • _memset.LIBCMT ref: 10006B98
                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,FCCBADC3,75919350,00000000), ref: 10006BFD
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memset$_malloclstrlen
                    • String ID: BITS$SYSTEM\Setup
                    • API String ID: 285548681-3074452007
                    • Opcode ID: 477386a4ab48eb18a39da4ac9c2815d7e31a326b8accdc1de3784492f4e52bee
                    • Instruction ID: dd1e21d8fa68b527038c420cf3b482bbc89297fffcc0550996dd3cb3e2ecdcc1
                    • Opcode Fuzzy Hash: 477386a4ab48eb18a39da4ac9c2815d7e31a326b8accdc1de3784492f4e52bee
                    • Instruction Fuzzy Hash: B021BAB5A01254AFE710CF68CC45B9E7BB5FB48710F104169FA18AB281D7706645CF94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #540.MFC42 ref: 00413713
                    • #2818.MFC42(?,%d - %d,00000000,00000014), ref: 00413746
                      • Part of subcall function 00401B30: GlobalReAlloc.KERNEL32(?,?,00000042), ref: 00401B55
                      • Part of subcall function 00401B30: GlobalAlloc.KERNEL32(00000000,?), ref: 00401BB8
                    • #800.MFC42 ref: 0041376A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocGlobal$#2818#540#800
                    • String ID: %d - %d$gfff
                    • API String ID: 482294231-2577607064
                    • Opcode ID: b237a7d5eedde4b90ee38221f252e84e02f3e0f0e3c6ce6c8dcb1a6349726d45
                    • Instruction ID: ce69dc6f87d7003164073e48eec0cde505748da412ff69ad0e90133705951537
                    • Opcode Fuzzy Hash: b237a7d5eedde4b90ee38221f252e84e02f3e0f0e3c6ce6c8dcb1a6349726d45
                    • Instruction Fuzzy Hash: 5321F6726046109BC314EF1AC841F9BB7E8EBC5B59F004A2EF455A72C1C738AD04CBE6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WSAEventSelect.WS2_32(?,?,00000023), ref: 10004F7B
                    • WSAGetLastError.WS2_32 ref: 10004F86
                    • send.WS2_32(?,00000000,00000000,00000000), ref: 10004FD4
                    • WSAGetLastError.WS2_32 ref: 10004FDF
                    Strings
                    • <C-CNNID: %Iu> send 0 bytes (detect package), xrefs: 10004FF5
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast$EventSelectsend
                    • String ID: <C-CNNID: %Iu> send 0 bytes (detect package)
                    • API String ID: 259408233-4236689219
                    • Opcode ID: 5d232a0a0d1fdb6852da955fa148a88339427dbb04bf8f8c99a14879ab30892e
                    • Instruction ID: 151eab26e91050a276e9a3536c7e591620eb98f1c3633ae7e127e5b2727cb382
                    • Opcode Fuzzy Hash: 5d232a0a0d1fdb6852da955fa148a88339427dbb04bf8f8c99a14879ab30892e
                    • Instruction Fuzzy Hash: 82114FB61117509BE320CB79DCC4E97B7E9FB88764F110A2EF65A83651DB71E840CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryA.KERNEL32(?), ref: 0255775E
                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 02557792
                    • LoadLibraryA.KERNEL32(100276E0), ref: 025577EB
                    • CloseHandle.KERNEL32(?), ref: 0255780A
                    • FreeLibrary.KERNEL32(00000000), ref: 02557815
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Library$Load$CloseCurrentFreeHandleProcess
                    • String ID: .dll$Adva$pi32
                    • API String ID: 1168765234-3719434023
                    • Opcode ID: 56ec091c98f56e65cb84f05740b98b29725bedeac87833fb4d86b27b1ab3a197
                    • Instruction ID: caafea91ec89a463a5433ba1b89b358ecdb1647ed6f9ab63dee320bfbfd2f35a
                    • Opcode Fuzzy Hash: 56ec091c98f56e65cb84f05740b98b29725bedeac87833fb4d86b27b1ab3a197
                    • Instruction Fuzzy Hash: B5115E71901218ABDB10DFA8ED89EEEBBB8FF49310F504159F909A7200D7705A05CBA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___BuildCatchObject.LIBCMT ref: 10018061
                      • Part of subcall function 10017FBC: ___BuildCatchObjectHelper.LIBCMT ref: 10017FF2
                    • _UnwindNestedFrames.LIBCMT ref: 10018078
                    • ___FrameUnwindToState.LIBCMT ref: 10018086
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                    • String ID: csm$csm
                    • API String ID: 2163707966-3733052814
                    • Opcode ID: 72b0c324ea79d54bf9ced1a08a521f4c5615a0452c37200f439a9ae73172eca6
                    • Instruction ID: 23a866b3ff125264a9d75cde181b7b68ecbe4fd9c62543019c738a8ea1884e78
                    • Opcode Fuzzy Hash: 72b0c324ea79d54bf9ced1a08a521f4c5615a0452c37200f439a9ae73172eca6
                    • Instruction Fuzzy Hash: 1B01E479001109BBDF129E51CC45EEA7E7AFF08390F104024BD5819161E732EAF6EBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 10005C72
                    • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,?,?), ref: 10005C9E
                    • RegCloseKey.ADVAPI32(?), ref: 10005CA9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseCreateValue
                    • String ID: Host$SYSTEM\Setup
                    • API String ID: 1818849710-2058306683
                    • Opcode ID: a5749bc39feec96681431c9a0d17588fa11fd8d834cde4cb914a7478d4417bbf
                    • Instruction ID: 794c698d38af38fbc08a8d475579c635017a023fcaac59f8b424048c54fa9fab
                    • Opcode Fuzzy Hash: a5749bc39feec96681431c9a0d17588fa11fd8d834cde4cb914a7478d4417bbf
                    • Instruction Fuzzy Hash: 97F05E76600219FFF700CB649C89EBA77ADEB85751F204144FE0997241CB319E0996A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 10005CD2
                    • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?), ref: 10005CFE
                    • RegCloseKey.ADVAPI32(?), ref: 10005D09
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseCreateValue
                    • String ID: BITS$SYSTEM\Setup
                    • API String ID: 1818849710-3074452007
                    • Opcode ID: 1531b198c8937c57f97394655215b538626a6dedd187faa1e2281873f503604a
                    • Instruction ID: 651df40bf61fd3fb3f008217ae33454217a815017037e958b42cfaff3ff998c7
                    • Opcode Fuzzy Hash: 1531b198c8937c57f97394655215b538626a6dedd187faa1e2281873f503604a
                    • Instruction Fuzzy Hash: 80F05E76600215FFE300CF549C89EBA77ACEB49751F204145FE0997245CB31AE099694
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 100179FF
                      • Part of subcall function 1001A625: __getptd_noexit.LIBCMT ref: 1001A628
                      • Part of subcall function 1001A625: __amsg_exit.LIBCMT ref: 1001A635
                    • __getptd.LIBCMT ref: 10017A10
                    • __getptd.LIBCMT ref: 10017A1E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __getptd$__amsg_exit__getptd_noexit
                    • String ID: MOC$RCC
                    • API String ID: 803148776-2084237596
                    • Opcode ID: 6e2efed66251f093ad6311aef069e36f44e304397d46c8700e4156c7cd03f35d
                    • Instruction ID: 5b5314fec8cc4336ed693b45274f58df93ddce0047db61c27aee4504d0fb5542
                    • Opcode Fuzzy Hash: 6e2efed66251f093ad6311aef069e36f44e304397d46c8700e4156c7cd03f35d
                    • Instruction Fuzzy Hash: F1E092359141058ED710D774C04675D36E4FF89658F9A48A2E40EDF223D738EAD09953
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID:
                    • API String ID: 4104443479-0
                    • Opcode ID: 679d24a82a0730313af86cc96d97edacde428ccac2013ce22c79c4fdc80ad0f8
                    • Instruction ID: 2de244d5681a4923734aa1e6fc2765a0bb9aec3b289d23d4a8e3f6dfc7c34067
                    • Opcode Fuzzy Hash: 679d24a82a0730313af86cc96d97edacde428ccac2013ce22c79c4fdc80ad0f8
                    • Instruction Fuzzy Hash: 17615F75A0160A9FEB58CF69C580ADAB7E5FF48290F10866ED859C7744EB30F954CB80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • wsprintfA.USER32 ref: 1000E736
                    • OutputDebugStringA.KERNEL32(10027C30,?,?,?,?,?,?,?,?,?,"addr":"([^"]+)",00000001,?,?,"ip":"([^"]+)",00000001), ref: 1000E744
                    • OutputDebugStringA.KERNEL32(10027C2C,?,?,?,?,?,?,?,?,?,"addr":"([^"]+)",00000001,?,?,"ip":"([^"]+)",00000001), ref: 1000E76A
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000E7CC
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000E865
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: DebugLockitLockit::_OutputStringstd::_$wsprintf
                    • String ID:
                    • API String ID: 4114653978-0
                    • Opcode ID: 836d9090127d3572841fd155e993951d1260bf10bf1a0f3202da55634ce84852
                    • Instruction ID: 71cde9608faf795d8778179ae10e374bdaae38e2f8bcd94de37ca5af738bca05
                    • Opcode Fuzzy Hash: 836d9090127d3572841fd155e993951d1260bf10bf1a0f3202da55634ce84852
                    • Instruction Fuzzy Hash: DD519075E002A59FEB60DF64C880A9CB3F5FB44350F1185E9D99DAB285DB31AEC48B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(?,FCCBADC3,?,?,?,?,?,10026048,000000FF), ref: 10003EBE
                    • WSASetLastError.WS2_32(0000000D), ref: 10003ED6
                    • LeaveCriticalSection.KERNEL32(?), ref: 10003EDD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterErrorLastLeave
                    • String ID:
                    • API String ID: 4082018349-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlEnterCriticalSection.NTDLL(?), ref: 02555AC2
                    • WSASetLastError.WS2_32(0000000D), ref: 02555ADA
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 02555AE1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterErrorLastLeave
                    • String ID:
                    • API String ID: 4082018349-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 0255D1D1
                    • std::_Lockit::_Lockit.LIBCPMT ref: 0255D1F4
                    • __CxxThrowException@8.LIBCMT ref: 0255D286
                    • std::_Lockit::_Lockit.LIBCPMT ref: 0255D299
                    • std::locale::facet::_Facet_Register.LIBCPMT ref: 0255D2B3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::locale::facet::_
                    • String ID:
                    • API String ID: 2895652726-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 0255A611
                    • std::_Lockit::_Lockit.LIBCPMT ref: 0255A634
                    • __CxxThrowException@8.LIBCMT ref: 0255A6C6
                    • std::_Lockit::_Lockit.LIBCPMT ref: 0255A6D9
                    • std::locale::facet::_Facet_Register.LIBCPMT ref: 0255A6F3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::locale::facet::_
                    • String ID:
                    • API String ID: 2895652726-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #5290.MFC42(?,?,?,?,?,?,00414F98,000000FF), ref: 004081F1
                    • #6199.MFC42(?,?,00000028,?,?,?,?,?,00414F98,000000FF), ref: 0040828D
                    • #800.MFC42(?,00000028,?,?,?,?,?,00414F98,000000FF), ref: 0040829E
                    • TranslateMessage.USER32(?), ref: 004082A4
                    • DispatchMessageA.USER32(?), ref: 004082AB
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Message$#5290#6199#800DispatchTranslate
                    • String ID:
                    • API String ID: 1943485823-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • recv.WS2_32(02556CA1,?,00000598,00000000), ref: 025569C8
                    • SetLastError.KERNEL32(00000000,?,00000001,02556CA1), ref: 02556A03
                    • GetLastError.KERNEL32 ref: 02556A53
                    • WSAGetLastError.WS2_32(?,00000001,02556CA1), ref: 02556A86
                    • WSASetLastError.WS2_32(0000000D,?,00000001,02556CA1), ref: 02556AAD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast$recv
                    • String ID:
                    • API String ID: 316788870-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00401DA9
                    • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00401DB8
                    • #3998.MFC42(00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00401DD2
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000001,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00401DED
                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 00401E34
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3998#6007
                    • String ID:
                    • API String ID: 1326147382-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlEnterCriticalSection.NTDLL(?), ref: 02555D91
                      • Part of subcall function 02553254: HeapFree.KERNEL32(?,00000000,?,1002703C,?,?,02555DD5,?,?,?,?,?,10026048,000000FF), ref: 02553279
                      • Part of subcall function 02553254: _free.LIBCMT ref: 02553295
                    • HeapDestroy.KERNEL32(?,?,?,?,?,?,10026048,000000FF), ref: 02555DDD
                    • HeapCreate.KERNEL32(?,?,?,?,?,?,?,?,10026048,000000FF), ref: 02555DF8
                    • SetEvent.KERNEL32 ref: 02555E20
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 02555E27
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Heap$CriticalSection$CreateDestroyEnterEventFreeLeave_free
                    • String ID:
                    • API String ID: 1767077271-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _malloc.LIBCMT ref: 10013DC1
                      • Part of subcall function 10012D63: __FF_MSGBANNER.LIBCMT ref: 10012D7C
                      • Part of subcall function 10012D63: __NMSG_WRITE.LIBCMT ref: 10012D83
                      • Part of subcall function 10012D63: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,10016A53,?,00000001,?,?,1001D161,00000018,1002D480,0000000C,1001D1F1), ref: 10012DA8
                    • _free.LIBCMT ref: 10013DD4
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocHeap_free_malloc
                    • String ID:
                    • API String ID: 2734353464-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _malloc.LIBCMT ref: 025659C5
                      • Part of subcall function 02564967: __FF_MSGBANNER.LIBCMT ref: 02564980
                      • Part of subcall function 02564967: __NMSG_WRITE.LIBCMT ref: 02564987
                      • Part of subcall function 02564967: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 025649AC
                    • _free.LIBCMT ref: 025659D8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocateHeap_free_malloc
                    • String ID:
                    • API String ID: 1020059152-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • Sleep.KERNEL32(00000064,FCCBADC3,?,?,?,?,?,10026021,000000FF), ref: 1000322A
                    • CloseHandle.KERNEL32(?,?,?,?,?,?,10026021,000000FF), ref: 1000323E
                    • CloseHandle.KERNEL32(?,?,?,?,?,?,10026021,000000FF), ref: 10003248
                    • CloseHandle.KERNEL32(00000002,?,?,?,?,?,10026021,000000FF), ref: 10003252
                    • WSACleanup.WS2_32 ref: 10003254
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseHandle$CleanupSleep
                    • String ID:
                    • API String ID: 3842683705-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 100086C2
                      • Part of subcall function 10010D1B: _setlocale.LIBCMT ref: 10010D2D
                    • _free.LIBCMT ref: 100086D4
                      • Part of subcall function 10012E7A: HeapFree.KERNEL32(00000000,00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012E90
                      • Part of subcall function 10012E7A: GetLastError.KERNEL32(00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012EA2
                    • _free.LIBCMT ref: 100086E7
                    • _free.LIBCMT ref: 100086FA
                    • _free.LIBCMT ref: 1000870D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                    • String ID:
                    • API String ID: 3515823920-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0255A2C6
                      • Part of subcall function 0256291F: _setlocale.LIBCMT ref: 02562931
                    • _free.LIBCMT ref: 0255A2D8
                      • Part of subcall function 02564A7E: HeapFree.KERNEL32(00000000,00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564A94
                      • Part of subcall function 02564A7E: GetLastError.KERNEL32(00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564AA6
                    • _free.LIBCMT ref: 0255A2EB
                    • _free.LIBCMT ref: 0255A2FE
                    • _free.LIBCMT ref: 0255A311
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                    • String ID:
                    • API String ID: 3515823920-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 100100A9
                    • GetThreadDesktop.USER32(00000000), ref: 100100B0
                    • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 100100DD
                    • SetThreadDesktop.USER32(?), ref: 100100F0
                    • CloseDesktop.USER32(00000000), ref: 100100FB
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: DesktopThread$CloseCurrentInformationObjectUser
                    • String ID:
                    • API String ID: 2068333509-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 02561CAD
                    • GetThreadDesktop.USER32(00000000), ref: 02561CB4
                    • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02561CE1
                    • SetThreadDesktop.USER32(?), ref: 02561CF4
                    • CloseDesktop.USER32(00000000), ref: 02561CFF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: DesktopThread$CloseCurrentInformationObjectUser
                    • String ID:
                    • API String ID: 2068333509-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(?), ref: 10003FD3
                    • EnterCriticalSection.KERNEL32(?), ref: 10003FDD
                    • LeaveCriticalSection.KERNEL32(?), ref: 10003FF0
                    • LeaveCriticalSection.KERNEL32(?), ref: 10003FF3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave
                    • String ID:
                    • API String ID: 3168844106-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __CreateFrameInfo.LIBCMT ref: 025698CD
                      • Part of subcall function 02564E17: __getptd.LIBCMT ref: 02564E25
                      • Part of subcall function 02564E17: __getptd.LIBCMT ref: 02564E33
                    • __getptd.LIBCMT ref: 025698D7
                      • Part of subcall function 0256C229: __getptd_noexit.LIBCMT ref: 0256C22C
                      • Part of subcall function 0256C229: __amsg_exit.LIBCMT ref: 0256C239
                    • __getptd.LIBCMT ref: 025698E5
                    • __getptd.LIBCMT ref: 025698F3
                    • __getptd.LIBCMT ref: 025698FE
                      • Part of subcall function 02564EBC: __CallSettingFrame@12.LIBCMT ref: 02564F08
                      • Part of subcall function 025699CB: __getptd.LIBCMT ref: 025699DA
                      • Part of subcall function 025699CB: __getptd.LIBCMT ref: 025699E8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                    • String ID:
                    • API String ID: 3282538202-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #535.MFC42(00000028,?,00000084,00414DF8,000000FF,0040687F,?,00000000,?,?,?,?,?,?,00414D68,000000FF), ref: 00406E8A
                    • #6199.MFC42(?,00000028,?,00000084,00414DF8,000000FF,0040687F,?,00000000,?,?,?,?,?,?,00414D68), ref: 00406EA6
                    • #6199.MFC42(?,00000028,?,00000084,00414DF8,000000FF,0040687F,?,00000000,?,?,?,?,?,?,00414D68), ref: 00406EB8
                    • InvalidateRect.USER32(?,00000000,00000001,?,00000028,?,00000084,00414DF8,000000FF,0040687F,?,00000000), ref: 00406EC8
                    • #800.MFC42(?,00000084,00414DF8,000000FF,0040687F,?,00000000,?,?,?,?,?,?,00414D68,000000FF), ref: 00406EDA
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #6199$#535#800InvalidateRect
                    • String ID:
                    • API String ID: 2250096790-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(100295C0,1002D350,00000008,0256C204,00000000,00000000,?,0000FFFF,02565116,02572A8D), ref: 0256C10D
                    • __lock.LIBCMT ref: 0256C141
                      • Part of subcall function 0256EDDA: __mtinitlocknum.LIBCMT ref: 0256EDF0
                      • Part of subcall function 0256EDDA: __amsg_exit.LIBCMT ref: 0256EDFC
                      • Part of subcall function 0256EDDA: RtlEnterCriticalSection.NTDLL(00000001), ref: 0256EE04
                    • InterlockedIncrement.KERNEL32(?), ref: 0256C14E
                    • __lock.LIBCMT ref: 0256C162
                    • ___addlocaleref.LIBCMT ref: 0256C180
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                    • String ID:
                    • API String ID: 637971194-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2379#3803#5981MessageSendWindow
                    • String ID:
                    • API String ID: 41091615-0
                    • Opcode ID: 3f86ad74a53c65dbd743024303f7986d72b946eb759f04598362b0b86d5cb45a
                    • Instruction ID: b322a5975815ca17cd86a3609e72c151721b30698352077341bce6ea49aa4474
                    • Opcode Fuzzy Hash: 3f86ad74a53c65dbd743024303f7986d72b946eb759f04598362b0b86d5cb45a
                    • Instruction Fuzzy Hash: 4CF03C707046109BD724EB35CC59B6B73A9BF58704B00482EE247D72D0EA79FC428799
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetParent.USER32(?), ref: 0040C815
                    • #2864.MFC42(00000000,?,0040B40E,00418224), ref: 0040C818
                    • GetParent.USER32(?), ref: 0040C82B
                    • #2864.MFC42(00000000,?,0040B40E,00418224), ref: 0040C82E
                    • SendMessageA.USER32(?,00000401,00000000,?), ref: 0040C855
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2864Parent$MessageSend
                    • String ID:
                    • API String ID: 3017527651-0
                    • Opcode ID: 8ea177a066649a3f28e08f230772a9af5d8b5d7ca29a03111e89b751df85a48b
                    • Instruction ID: 9091617dd2a516ae6923d3b0b7a5ec855a974dc44a7e4feaf1987ad5b382af20
                    • Opcode Fuzzy Hash: 8ea177a066649a3f28e08f230772a9af5d8b5d7ca29a03111e89b751df85a48b
                    • Instruction Fuzzy Hash: 01F012B6300210ABD714AB75DC48EABB3A9FFD8711F05C92EF65597250D674E801CB64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 100032DC
                    • CancelIo.KERNEL32(?), ref: 100032E6
                    • InterlockedExchange.KERNEL32(00000000,00000000), ref: 100032EF
                    • closesocket.WS2_32(?), ref: 100032F9
                    • SetEvent.KERNEL32(00000001), ref: 10003303
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
                    • String ID:
                    • API String ID: 1486965892-0
                    • Opcode ID: 5c4df38dcddf7cb9d1617a7fc0b9eb93d91a11a3f0a906413ff34a1e3632f966
                    • Instruction ID: 44e71dcc0f6ad8781666f9a4eeaeba24a323ec3197cf4e03a1352f06e36ce7a4
                    • Opcode Fuzzy Hash: 5c4df38dcddf7cb9d1617a7fc0b9eb93d91a11a3f0a906413ff34a1e3632f966
                    • Instruction Fuzzy Hash: B2F04F75100710EBE330DB54CD89F5777B8FB48B11F204A58F68A97690CBB0B9098BA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 02554EE0
                    • CancelIo.KERNEL32(?), ref: 02554EEA
                    • InterlockedExchange.KERNEL32(00000000,00000000), ref: 02554EF3
                    • closesocket.WS2_32(?), ref: 02554EFD
                    • SetEvent.KERNEL32(00000001), ref: 02554F07
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
                    • String ID:
                    • API String ID: 1486965892-0
                    • Opcode ID: 5c4df38dcddf7cb9d1617a7fc0b9eb93d91a11a3f0a906413ff34a1e3632f966
                    • Instruction ID: 39139733c3896db1efdf134992972bca7f1f956a275bae77907c0bb37e85952a
                    • Opcode Fuzzy Hash: 5c4df38dcddf7cb9d1617a7fc0b9eb93d91a11a3f0a906413ff34a1e3632f966
                    • Instruction Fuzzy Hash: 3BF03C76100710EBE2309B58CD89F5677B8BB88B11F200658F68A97690CBB0B4098BA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 1001CACC
                      • Part of subcall function 1001A625: __getptd_noexit.LIBCMT ref: 1001A628
                      • Part of subcall function 1001A625: __amsg_exit.LIBCMT ref: 1001A635
                    • __getptd.LIBCMT ref: 1001CAE3
                    • __amsg_exit.LIBCMT ref: 1001CAF1
                    • __lock.LIBCMT ref: 1001CB01
                    • __updatetlocinfoEx_nolock.LIBCMT ref: 1001CB15
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                    • String ID:
                    • API String ID: 938513278-0
                    • Opcode ID: 087a6bdd3a1762fe5990592ff04e432f842b3332d3b36b8464343aa072908743
                    • Instruction ID: 232d70c9658e95e52750b2a0c3a3245ee20002c1344903c27d0605dee818a48f
                    • Opcode Fuzzy Hash: 087a6bdd3a1762fe5990592ff04e432f842b3332d3b36b8464343aa072908743
                    • Instruction Fuzzy Hash: 25F06D3690161C9BD662EBB49807F4D72E0EF04728F51410AF815AF292CF74EAC08A96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 0256E6D0
                      • Part of subcall function 0256C229: __getptd_noexit.LIBCMT ref: 0256C22C
                      • Part of subcall function 0256C229: __amsg_exit.LIBCMT ref: 0256C239
                    • __getptd.LIBCMT ref: 0256E6E7
                    • __amsg_exit.LIBCMT ref: 0256E6F5
                    • __lock.LIBCMT ref: 0256E705
                    • __updatetlocinfoEx_nolock.LIBCMT ref: 0256E719
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                    • String ID:
                    • API String ID: 938513278-0
                    • Opcode ID: 087a6bdd3a1762fe5990592ff04e432f842b3332d3b36b8464343aa072908743
                    • Instruction ID: b3093b8dda304eebec2124cc140628efc39f986a88e21dbdfefa7d79bf5fdebb
                    • Opcode Fuzzy Hash: 087a6bdd3a1762fe5990592ff04e432f842b3332d3b36b8464343aa072908743
                    • Instruction Fuzzy Hash: C6F09036907212DFE622BBA4E80EF7D37A2BF84725F10450AE5516B2D1CB685940CE5E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #3797.MFC42(?,0040D400,?), ref: 0040D603
                    • GetDlgItem.USER32(?,00000000), ref: 0040D616
                    • #6242.MFC42(00000000,?,?,0040D400,?), ref: 0040D620
                    • #6215.MFC42(00000000,?,00000000,?,?,0040D400,?), ref: 0040D63E
                    • #4284.MFC42(00000000,06000000,00000000,00000000,?,00000000,?,?,0040D400,?), ref: 0040D64E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3797#4284#6215#6242Item
                    • String ID:
                    • API String ID: 163676089-0
                    • Opcode ID: bbdefc49f42978dbb330f46806cb30dce664b35b8f06debbe97310d482e1112a
                    • Instruction ID: 954870d2d43f5e1bbece549e5f54aa514239d2e7e26e16cc4688ba2cbd4e98a8
                    • Opcode Fuzzy Hash: bbdefc49f42978dbb330f46806cb30dce664b35b8f06debbe97310d482e1112a
                    • Instruction Fuzzy Hash: CCF0E57234030453DA247B609C06FEF7359ABD4705F04051FF2279B1C1CAB8B8828788
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 1001435A: _doexit.LIBCMT ref: 10014366
                    • ___set_flsgetvalue.LIBCMT ref: 100135BC
                      • Part of subcall function 1001A46A: TlsGetValue.KERNEL32(?,1001A5C3,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A473
                      • Part of subcall function 1001A46A: DecodePointer.KERNEL32(?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A485
                      • Part of subcall function 1001A46A: TlsSetValue.KERNEL32(00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A494
                    • ___fls_getvalue@4.LIBCMT ref: 100135C7
                      • Part of subcall function 1001A44A: TlsGetValue.KERNEL32(?,?,100135CC,00000000), ref: 1001A458
                    • ___fls_setvalue@8.LIBCMT ref: 100135DA
                      • Part of subcall function 1001A49E: DecodePointer.KERNEL32(?,?,?,100135DF,00000000,?,00000000), ref: 1001A4AF
                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 100135E3
                    • ExitThread.KERNEL32 ref: 100135EA
                    • GetCurrentThreadId.KERNEL32 ref: 100135F0
                    • __freefls@4.LIBCMT ref: 10013610
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                    • String ID:
                    • API String ID: 781180411-0
                    • Opcode ID: 713bbccf4b0776355bb04145a6c8db684de101de3f9724510ee4b6c2403f121b
                    • Instruction ID: c11ffccf0dc3ad49a91826cb9f12cce395e23d6369393c6cf5dead5998c5d725
                    • Opcode Fuzzy Hash: 713bbccf4b0776355bb04145a6c8db684de101de3f9724510ee4b6c2403f121b
                    • Instruction Fuzzy Hash: 26E04F7980071567DB00ABB18D0F84F36ADEF87244F118050F9149B413EA78E8D286A2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 1000AB1C
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107A4
                      • Part of subcall function 1001078F: __CxxThrowException@8.LIBCMT ref: 100107B9
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107CA
                    • _memmove.LIBCMT ref: 1000AB78
                    • _memmove.LIBCMT ref: 1000ABA3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memmovestd::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                    • String ID: vector<T> too long
                    • API String ID: 2063937883-3788999226
                    • Opcode ID: e798162df7e2c9ae94919a9e2f0b292b394d3c94a4210df95c873e5fedd467a7
                    • Instruction ID: 92fe5276f74f395a2b1ce26f710774e0e524bf8c7f5992a45b2a6ffc294bb970
                    • Opcode Fuzzy Hash: e798162df7e2c9ae94919a9e2f0b292b394d3c94a4210df95c873e5fedd467a7
                    • Instruction Fuzzy Hash: D04172B6A006059FDB14CF68DC85EABB7E9EB88250F108A2DF416D7745EB30F940CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Fputc$H_prolog3_
                    • String ID:
                    • API String ID: 2569218679-3916222277
                    • Opcode ID: e54e7b673c23e12618f1c487f22cf5df82446c2d8482f7e38a0fe44593afe8a4
                    • Instruction ID: 51731c9b33a73457a4c40cc754e0f5b1f684f4f288cb51cc73bee5b9570f69ca
                    • Opcode Fuzzy Hash: e54e7b673c23e12618f1c487f22cf5df82446c2d8482f7e38a0fe44593afe8a4
                    • Instruction Fuzzy Hash: 9C41AF35904649DFCF29CBE4D880ADEB7F5FF48354F21891AE951AB280D771E884CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009E6C
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009E86
                    • _memmove.LIBCMT ref: 10009EDC
                      • Part of subcall function 10009310: std::_Xinvalid_argument.LIBCPMT ref: 10009329
                      • Part of subcall function 10009310: std::_Xinvalid_argument.LIBCPMT ref: 1000934A
                      • Part of subcall function 10009310: std::_Xinvalid_argument.LIBCPMT ref: 10009365
                      • Part of subcall function 10009310: _memmove.LIBCMT ref: 100093CD
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Xinvalid_argumentstd::_$_memmove
                    • String ID: string too long
                    • API String ID: 2168136238-2556327735
                    • Opcode ID: a4c297b3f3edf23924b82806efb731bb6175b98080079e3df762e49f5766fbc8
                    • Instruction ID: 98ffe9e0373835fe666c5fb397ac2f6af267356310a6bf1da27b8975a74df2f2
                    • Opcode Fuzzy Hash: a4c297b3f3edf23924b82806efb731bb6175b98080079e3df762e49f5766fbc8
                    • Instruction Fuzzy Hash: B03137327006504BE724DE5CE88096EF7EAEFD06E0760492FF596CB699C771AC8083A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memset$_mallocgethostname
                    • String ID: SYSTEM\Setup
                    • API String ID: 3408214736-1397563030
                    • Opcode ID: c9ffdf8b720a84180d0d7c2c5591c963257f3da7358db23fbcde2a2d46f2882d
                    • Instruction ID: b17a529a329755b11648d73eeb0de6216f2e79853542c3f2ebe8abd60963d9b5
                    • Opcode Fuzzy Hash: c9ffdf8b720a84180d0d7c2c5591c963257f3da7358db23fbcde2a2d46f2882d
                    • Instruction Fuzzy Hash: 5231A9B1901665AFEB20DF69CC89FAE7BB5FB48710F104169EA1867380D7705641CF9C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009554
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107A4
                      • Part of subcall function 1001078F: __CxxThrowException@8.LIBCMT ref: 100107B9
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107CA
                    • std::_Xinvalid_argument.LIBCPMT ref: 10009563
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                    • String ID: string too long
                    • API String ID: 963545896-2556327735
                    • Opcode ID: be0f32bcc2ca7cfbe7bb9c86ce0ca1277e3d8ecfc250c9baafb858de2c7e9803
                    • Instruction ID: a3a3c333d01466a180477abba552f544907db2e539a8dc81f369461f82e7ebcd
                    • Opcode Fuzzy Hash: be0f32bcc2ca7cfbe7bb9c86ce0ca1277e3d8ecfc250c9baafb858de2c7e9803
                    • Instruction Fuzzy Hash: 68210432305A909BE333CA5DAC0055AFBE8DF926B2B25491BF9D18B391C371D840C7E1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memset.LIBCMT ref: 02558790
                    • _memset.LIBCMT ref: 0255879C
                    • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1002F840), ref: 02558801
                      • Part of subcall function 02564AB8: _malloc.LIBCMT ref: 02564AD2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _memset$_malloclstrlen
                    • String ID: SYSTEM\Setup
                    • API String ID: 285548681-1397563030
                    • Opcode ID: 4005865e33b16d775844fe915105a5a25a4f52d02b6b1b823b507fc9159224b1
                    • Instruction ID: b63cb73270a80bb04b5df09e025adbcb5e1b10d367a4483bddeeb4f737ff4750
                    • Opcode Fuzzy Hash: 4005865e33b16d775844fe915105a5a25a4f52d02b6b1b823b507fc9159224b1
                    • Instruction Fuzzy Hash: 9721A9B1D01665AFEB20DF68CC49BAEBBB5FB48710F104169EA1867380D7705645CF98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___BuildCatchObject.LIBCMT ref: 02569C65
                      • Part of subcall function 02569BC0: ___BuildCatchObjectHelper.LIBCMT ref: 02569BF6
                    • _UnwindNestedFrames.LIBCMT ref: 02569C7C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: BuildCatchObject$FramesHelperNestedUnwind
                    • String ID: csm$csm
                    • API String ID: 3487967840-3733052814
                    • Opcode ID: 72b0c324ea79d54bf9ced1a08a521f4c5615a0452c37200f439a9ae73172eca6
                    • Instruction ID: 2acd5c234ef2b6911a08bfc08b899f2ec7fa3bd2b3bc37b34e6191311c55a5e4
                    • Opcode Fuzzy Hash: 72b0c324ea79d54bf9ced1a08a521f4c5615a0452c37200f439a9ae73172eca6
                    • Instruction Fuzzy Hash: E701F67500010AFBEF126F51CD48EBA7FABFF48354F044010BD1856160DB3299B1DBA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,10027628,?), ref: 02557876
                    • RegSetValueExA.ADVAPI32(?,10027618,00000000,00000001,?,?), ref: 025578A2
                    • RegCloseKey.ADVAPI32(?), ref: 025578AD
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseCreateValue
                    • String ID: SYSTEM\Setup
                    • API String ID: 1818849710-1397563030
                    • Opcode ID: a5749bc39feec96681431c9a0d17588fa11fd8d834cde4cb914a7478d4417bbf
                    • Instruction ID: 44f514afb12cf5655d2a5ab7c373283a3fe27fe1bc25a2cb518cceed07c4acd4
                    • Opcode Fuzzy Hash: a5749bc39feec96681431c9a0d17588fa11fd8d834cde4cb914a7478d4417bbf
                    • Instruction Fuzzy Hash: C5F08276600125FFE714CB949C9DFFA776CEB89721F204145FE0997241C731DE0996A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,10027628,?), ref: 025578D6
                    • RegSetValueExA.ADVAPI32(?,10027620,00000000,00000001,?,?), ref: 02557902
                    • RegCloseKey.ADVAPI32(?), ref: 0255790D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseCreateValue
                    • String ID: SYSTEM\Setup
                    • API String ID: 1818849710-1397563030
                    • Opcode ID: 1531b198c8937c57f97394655215b538626a6dedd187faa1e2281873f503604a
                    • Instruction ID: 80ae61232666da595273ed4be361a1d989b60df95ffaea851d0ada645430f8f4
                    • Opcode Fuzzy Hash: 1531b198c8937c57f97394655215b538626a6dedd187faa1e2281873f503604a
                    • Instruction Fuzzy Hash: 2FF08276600129FFE710CB949C9DFFA7B6CEB49710F204145FE4997241D731EE0996A8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetLastError.KERNEL32(00000057), ref: 100043E5
                    • SetLastError.KERNEL32(00000057), ref: 1000442B
                    • SetLastError.KERNEL32(00000000), ref: 10004487
                    • SetLastError.KERNEL32(0000139F), ref: 100044A0
                    • SetLastError.KERNEL32(00000057), ref: 100044B9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast
                    • String ID:
                    • API String ID: 1452528299-0
                    • Opcode ID: 56b71f055dfdbc7bbb3b36aca337fa0a563b0df21567142f27efa27f35361ac2
                    • Instruction ID: 7f3fa6785859ecb4e7e984816415dd46745b976a9cd8d214a2b3c05267b34ae9
                    • Opcode Fuzzy Hash: 56b71f055dfdbc7bbb3b36aca337fa0a563b0df21567142f27efa27f35361ac2
                    • Instruction Fuzzy Hash: 5A31A9B160020497FF00CE19DD84BAA73E9FB843D1F1240AAFC09CB249DF71ED4086A8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetLastError.KERNEL32(00000057), ref: 02555FE9
                    • SetLastError.KERNEL32(00000057), ref: 0255602F
                    • SetLastError.KERNEL32(00000000), ref: 0255608B
                    • SetLastError.KERNEL32(0000139F), ref: 025560A4
                    • SetLastError.KERNEL32(00000057), ref: 025560BD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast
                    • String ID:
                    • API String ID: 1452528299-0
                    • Opcode ID: 56b71f055dfdbc7bbb3b36aca337fa0a563b0df21567142f27efa27f35361ac2
                    • Instruction ID: 8bad3113c9c54c62d6964cbf0d2bc9f2c54e5c0aa70564c8d10633f2ba20a606
                    • Opcode Fuzzy Hash: 56b71f055dfdbc7bbb3b36aca337fa0a563b0df21567142f27efa27f35361ac2
                    • Instruction Fuzzy Hash: 0131A271700265D7EB249E1DD8A4BBA7BADFF54311F84406BFC09DB264EB71D810C698
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02557DD4
                    • HeapFree.KERNEL32(00000000), ref: 02557DDB
                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 02557DF1
                    • GetProcessHeap.KERNEL32(00000000,?), ref: 02557DFA
                    • HeapFree.KERNEL32(00000000), ref: 02557E01
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Heap$Free$Process$Virtual
                    • String ID:
                    • API String ID: 1594822054-0
                    • Opcode ID: 6c60abcbb7f15660c0cb4d894f03a0efabfed699cfbdf7f93e4cc5ebbe665d55
                    • Instruction ID: f6ada4911c99574dfe27616f61df8295e6eed0024dd17ca953cb7b60e9ab71f7
                    • Opcode Fuzzy Hash: 6c60abcbb7f15660c0cb4d894f03a0efabfed699cfbdf7f93e4cc5ebbe665d55
                    • Instruction Fuzzy Hash: 45113D31240720EBD3208F69CC88F66B7A9BF48715F144519E959876D0C774F441CB64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10013BB3
                      • Part of subcall function 1001385E: __getptd.LIBCMT ref: 10013871
                      • Part of subcall function 1001350D: __getptd_noexit.LIBCMT ref: 1001350D
                    • __stricmp_l.LIBCMT ref: 10013C20
                      • Part of subcall function 1001CF55: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1001CF64
                    • ___crtLCMapStringA.LIBCMT ref: 10013C76
                    • ___crtLCMapStringA.LIBCMT ref: 10013CF7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Locale$StringUpdateUpdate::____crt$__getptd__getptd_noexit__stricmp_l
                    • String ID:
                    • API String ID: 2544346105-0
                    • Opcode ID: 406befcdce29a0115a0dd9be8b2801719b892fab8446499b139b145408151e85
                    • Instruction ID: fa791091985cac6cca703c4cdf52c44dbcf03fef63ba02250e5688f910539adf
                    • Opcode Fuzzy Hash: 406befcdce29a0115a0dd9be8b2801719b892fab8446499b139b145408151e85
                    • Instruction Fuzzy Hash: FA510770D04299ABDB25CB64D885BAD7BF4EB01328F24C199E4A16F1D2C734DEC1DB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 025657B7
                      • Part of subcall function 02565462: __getptd.LIBCMT ref: 02565475
                      • Part of subcall function 02565111: __getptd_noexit.LIBCMT ref: 02565111
                    • __stricmp_l.LIBCMT ref: 02565824
                      • Part of subcall function 0256EB59: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0256EB68
                    • ___crtLCMapStringA.LIBCMT ref: 0256587A
                    • ___crtLCMapStringA.LIBCMT ref: 025658FB
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Locale$StringUpdateUpdate::____crt$__getptd__getptd_noexit__stricmp_l
                    • String ID:
                    • API String ID: 2544346105-0
                    • Opcode ID: b5534051065416b8f74de3c98192c73968ac532c021b6470beed5cb967cb61be
                    • Instruction ID: 79904f52f6bdf15ee40da940e7bb09053d4dcebda482ceb0b5e9ccd3083e015b
                    • Opcode Fuzzy Hash: b5534051065416b8f74de3c98192c73968ac532c021b6470beed5cb967cb61be
                    • Instruction Fuzzy Hash: 3B513870944289ABDF298B64C88CBBD7FB0BB41338FA84699E4A25B1D1F7308945CB14
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WaitForSingleObject.KERNEL32(?,000000FF,1002F840), ref: 02560D41
                    • SetLastError.KERNEL32(00000000), ref: 02560D4F
                    • CancelWaitableTimer.KERNEL32(?), ref: 02560D62
                    • CloseHandle.KERNEL32(?), ref: 02560D9F
                      • Part of subcall function 02555EC4: GetCurrentThreadId.KERNEL32 ref: 02555EC8
                      • Part of subcall function 02560894: HeapDestroy.KERNEL32(00000000,1002F840,?,?,?,?,100268D3,000000FF), ref: 025608D4
                      • Part of subcall function 02560894: HeapCreate.KERNEL32(00000001,?,?,1002F840,?,?,?,?,100268D3,000000FF), ref: 025608E6
                      • Part of subcall function 02560894: _free.LIBCMT ref: 025608F6
                      • Part of subcall function 02560894: HeapDestroy.KERNEL32(?,?,?,?,?,100268D3,000000FF), ref: 02560924
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Heap$Destroy$CancelCloseCreateCurrentErrorHandleLastObjectSingleThreadTimerWaitWaitable_free
                    • String ID:
                    • API String ID: 2038525957-0
                    • Opcode ID: 5be643c7a5b453ed44187c758ddbe4cc34a9a4e0398db8b41dcaa8a9535f6c44
                    • Instruction ID: f18cf8d58f3ddeb8a0ea4126de3d4af3cbd0958b63662bf0281ff189cde430ac
                    • Opcode Fuzzy Hash: 5be643c7a5b453ed44187c758ddbe4cc34a9a4e0398db8b41dcaa8a9535f6c44
                    • Instruction Fuzzy Hash: 8C51E670500B569BDB21EBB8CD98BAAFBE5FF44314F144A49D86AD33C0DB34A904CB55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                    • String ID:
                    • API String ID: 2782032738-0
                    • Opcode ID: 6a7e0a70605274945ea99acdae8ab8ad45f7d8486c42ba19e33a5d1090af313b
                    • Instruction ID: f1a460e1718655897d6bafe6eec14cee44566f42124112d9482f433de264493d
                    • Opcode Fuzzy Hash: 6a7e0a70605274945ea99acdae8ab8ad45f7d8486c42ba19e33a5d1090af313b
                    • Instruction Fuzzy Hash: BB41E675A00A059BDB14CFA5C88465EB7F6EF803A0F228129E8559F1A1DF70EED1DB40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1b9a30cc9eb1fb833af63ec1605bb7339cfdb49189d08ec682890880cf819239
                    • Instruction ID: 77cc81036806ad78a0974b1512ab24e483e427756241434b7f822bfafededa90
                    • Opcode Fuzzy Hash: 1b9a30cc9eb1fb833af63ec1605bb7339cfdb49189d08ec682890880cf819239
                    • Instruction Fuzzy Hash: 254191B1600210ABE721DF68CC95F3B77A9FF88714F14419AFE08CB251EB71E9418BA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 025611CF
                    • Thread32First.KERNEL32(00000000,?), ref: 025611E5
                    • Thread32Next.KERNEL32(00000000,0000001C), ref: 025612CA
                    • CloseHandle.KERNEL32(00000000,00000000,?,00000004,00000000,1002F840), ref: 025612D8
                    • std::_Xinvalid_argument.LIBCPMT ref: 02561301
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 02561344
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 0256135E
                    • LookupPrivilegeValueA.ADVAPI32(00000000,10027888,?), ref: 0256137F
                    • GetLengthSid.ADVAPI32(?), ref: 025614D8
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 025614EC
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 02561517
                    • CloseHandle.KERNEL32(?), ref: 02561535
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 0256154D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthLookupNextPrivilegeSnapshotTerminateToolhelp32ValueXinvalid_argumentstd::_
                    • String ID:
                    • API String ID: 1460141610-0
                    • Opcode ID: 585106dcbea582aa5b89f23c6e1d5198c5428eee0ebd4bd603b19dd9bfb9c8ca
                    • Instruction ID: a87021ff4682b47fe5fcf985713f562c2cc435c93f28d8b0c6e74f6508918461
                    • Opcode Fuzzy Hash: 585106dcbea582aa5b89f23c6e1d5198c5428eee0ebd4bd603b19dd9bfb9c8ca
                    • Instruction Fuzzy Hash: BB313371A006059FDB14DFA5C984ABEB7F5FB88714F10892EE91AD7780EB70E9408B58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 100232EC
                    • __isleadbyte_l.LIBCMT ref: 1002331F
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,1001BCCE,?,00000000,00000000,?,?,?,?,1001BCCE,00000000), ref: 10023350
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,1001BCCE,00000001,00000000,00000000,?,?,?,?,1001BCCE,00000000), ref: 100233BE
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                    • String ID:
                    • API String ID: 3058430110-0
                    • Opcode ID: 5eb0c5b8285dbc872c92d7b299e38e841411024ae41c6cfe467d62e0b8c76184
                    • Instruction ID: 6296171074b46327e1e35dcfbab98363525ec9e1102320a99f4ace20a3cfe4f7
                    • Opcode Fuzzy Hash: 5eb0c5b8285dbc872c92d7b299e38e841411024ae41c6cfe467d62e0b8c76184
                    • Instruction Fuzzy Hash: 3A31ED30A00286EFDB10DFA4D8819AE3BE5FF01250F95C5A9F8648B091EB31EF80DB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02574EF0
                    • __isleadbyte_l.LIBCMT ref: 02574F23
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,02564FA8,?,00000000,00000000,?,?,?,?,02564FA8,00000000), ref: 02574F54
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,02564FA8,00000001,00000000,00000000,?,?,?,?,02564FA8,00000000), ref: 02574FC2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                    • String ID:
                    • API String ID: 3058430110-0
                    • Opcode ID: 565ebf90be6d2ba27df71ed43ede02dd76309b38464449df31bf29b99f565147
                    • Instruction ID: b1c2dd32cb1c96a727c02b8e81ad99ab5a0e7718b7b06ac1fd805613977af9f7
                    • Opcode Fuzzy Hash: 565ebf90be6d2ba27df71ed43ede02dd76309b38464449df31bf29b99f565147
                    • Instruction Fuzzy Hash: 8831D231A84256EFEB20DF64D884ABE3FB5FF41324F1485A9F8558B290E730D980DB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • timeGetTime.WINMM ref: 025570C2
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 025570D1
                    • WaitForSingleObject.KERNEL32(?,00001770), ref: 02557123
                      • Part of subcall function 02555EC4: GetCurrentThreadId.KERNEL32 ref: 02555EC8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CurrentExchangeInterlockedObjectSingleThreadTimeWaittime
                    • String ID:
                    • API String ID: 2244058349-0
                    • Opcode ID: feee2e41c133d1b22d6b796db48a4cc785f19063a248342d5939f06f2871ed36
                    • Instruction ID: 7c6427ff7ba23e2a18e91ab00823afdc446b5ebd4478b7c678c9ddd1917af6c3
                    • Opcode Fuzzy Hash: feee2e41c133d1b22d6b796db48a4cc785f19063a248342d5939f06f2871ed36
                    • Instruction Fuzzy Hash: B3318172600714ABD630EF69DC85F97B7E9FF88710F100A0EEA8AC7690D771B4058BA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ObjectSelect$#2864Parent
                    • String ID:
                    • API String ID: 1399990326-0
                    • Opcode ID: 5d0ca18f82049aeb3e89bf70d4b0f3f4292ae6edb1f7cf3c46a8d35b0494b69e
                    • Instruction ID: 06e337719de34ea06dba102e74055399f04c6224a47e07a4644ed1119b8c985b
                    • Opcode Fuzzy Hash: 5d0ca18f82049aeb3e89bf70d4b0f3f4292ae6edb1f7cf3c46a8d35b0494b69e
                    • Instruction Fuzzy Hash: 6E21A375300102DBCB54DF19C8C8EA7B3AABF94711B15456AF885AB390D738EC02CF99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __floor_pentium4.LIBCMT ref: 10001182
                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 100011C2
                    • _memmove.LIBCMT ref: 100011DE
                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 100011F1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Virtual$AllocFree__floor_pentium4_memmove
                    • String ID:
                    • API String ID: 1828152804-0
                    • Opcode ID: 21b21ec2742564cc80e173f095c1d21d7d16beb0a4b61982f74cee913a12df5b
                    • Instruction ID: a005891867a68f85cbffcccb02d29acf9b9cfd6f7f01d1bd69afafa2bea04be6
                    • Opcode Fuzzy Hash: 21b21ec2742564cc80e173f095c1d21d7d16beb0a4b61982f74cee913a12df5b
                    • Instruction Fuzzy Hash: 7421E071604208AFEB14CF69D885A9BB7E8FF44751F10852EFD4996240E670A950C794
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GlobalFree.KERNEL32(?), ref: 00401CD4
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00401CEF
                    • GlobalAlloc.KERNEL32(00000040), ref: 00401D09
                    • #3286.MFC42(00000000), ref: 00401D2D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Global$#3286AllocFreeMessageSend
                    • String ID:
                    • API String ID: 2333393167-0
                    • Opcode ID: 03465e3dbb0c66fd5b7a838d22ed68892c495f45ca11631e42a1656f57e92ee8
                    • Instruction ID: 09124cf12a98bb5cf5cdedffdbdd5c2231ccafbc9b7add6754c01bd61c5e8d67
                    • Opcode Fuzzy Hash: 03465e3dbb0c66fd5b7a838d22ed68892c495f45ca11631e42a1656f57e92ee8
                    • Instruction Fuzzy Hash: 2C2146B12007019BC320DFA9D9C496BB7E9FB89701B04493EE186936A0D674E848CBA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 0040F560: #3092.MFC42(00000000,0040AF2D,00000000,00000000,?,?,00000000,?,?,00000000,00000001,00808080,?,?,00000000), ref: 0040F562
                      • Part of subcall function 0040F560: SendMessageA.USER32(?,00001200,00000000,00000000), ref: 0040F578
                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040E226
                    • SendMessageA.USER32(?,0000101D,00000000,00000000), ref: 0040E24B
                    • #3293.MFC42(?,?,00000000,?,75A91AC0,00000000), ref: 0040E26A
                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 0040E292
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3092#3293
                    • String ID:
                    • API String ID: 321520759-0
                    • Opcode ID: a636fac13dcf3342bb45fdc65b474f34cff3659d0ebee5277e31d7f47f2c1fca
                    • Instruction ID: 11f9f2ebc4ef3bec1c8eb3029b4196283a9360e848cdebb113a704cf5e2d7dd8
                    • Opcode Fuzzy Hash: a636fac13dcf3342bb45fdc65b474f34cff3659d0ebee5277e31d7f47f2c1fca
                    • Instruction Fuzzy Hash: 33215EB1604301ABD314DF5ACC81E2BF7E9FBC8754F144A2EF588A7381D674E8458B59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __floor_pentium4.LIBCMT ref: 100010B8
                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 100010E8
                    • _memmove.LIBCMT ref: 10001104
                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 1000111B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Virtual$AllocFree__floor_pentium4_memmove
                    • String ID:
                    • API String ID: 1828152804-0
                    • Opcode ID: 83390f44b909e9e9c2a69ebe75b2f5143022986fc09b398032f97ddb9c8114e4
                    • Instruction ID: b626ba846818d7837c54d267f9ffec9d36b22f7df543a35abe7fc41e4a14898e
                    • Opcode Fuzzy Hash: 83390f44b909e9e9c2a69ebe75b2f5143022986fc09b398032f97ddb9c8114e4
                    • Instruction Fuzzy Hash: D421C071A00308AFEB10CFA9CD86B9ABBE8FF04755F108529FD48D6240E6B0E9548754
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WSAEventSelect.WS2_32(?,?,00000023), ref: 02556B7F
                    • WSAGetLastError.WS2_32 ref: 02556B8A
                    • send.WS2_32(?,00000000,00000000,00000000), ref: 02556BD8
                    • WSAGetLastError.WS2_32 ref: 02556BE3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: ErrorLast$EventSelectsend
                    • String ID:
                    • API String ID: 259408233-0
                    • Opcode ID: cce328325078164802454b0f4326c928382e7be66455a3038faf431385202997
                    • Instruction ID: caee6aec08176f169e116988fa4ab663caca5bcf4936b12fa52c023ba9f957fa
                    • Opcode Fuzzy Hash: cce328325078164802454b0f4326c928382e7be66455a3038faf431385202997
                    • Instruction Fuzzy Hash: 7A113D721017609BE3209B69DC98A97BBADFB88724F50062EFA5A83650D771E840CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D64
                    • _memset.LIBCMT ref: 10005D71
                    • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 10005D86
                    • _memmove.LIBCMT ref: 10005D99
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocVirtual$_memmove_memset
                    • String ID:
                    • API String ID: 725130153-0
                    • Opcode ID: 425fc56b958db6cf1717ff409a69d2e240983d18735e9ce39cd43b6947b8e182
                    • Instruction ID: aefe4fad0a403427d52524d7469d172ddc50bf029b88bd540873a0603f65f42d
                    • Opcode Fuzzy Hash: 425fc56b958db6cf1717ff409a69d2e240983d18735e9ce39cd43b6947b8e182
                    • Instruction Fuzzy Hash: EF118974200204AFE720CF48CC84F6BB3E9EF88791F21845AF9499B354D2B1EC81CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32 ref: 00410656
                    • #6907.MFC42(00000000,?,?,00000000), ref: 0041066F
                    • SendMessageA.USER32(?,0000100D,00000000,00418228), ref: 00410683
                    • #6907.MFC42(?,?,?,00418228,?,?), ref: 004106A8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #6907MessageSend
                    • String ID:
                    • API String ID: 3495772279-0
                    • Opcode ID: 476eb66d8d15b0b91c74a7e8ac727ff5c4a30e1e3f604982a680abb02b47b188
                    • Instruction ID: 9416d4597f699ecf4e8977037dc84b047f4e35729ef575254219eb1c86e8c552
                    • Opcode Fuzzy Hash: 476eb66d8d15b0b91c74a7e8ac727ff5c4a30e1e3f604982a680abb02b47b188
                    • Instruction Fuzzy Hash: E01190753052016BD204EA1ACC80DABB3E9FBC8764F004A1EF95897380D674ED918BE5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 00402014
                    • #3998.MFC42(00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 00402049
                    • #6007.MFC42(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000001,?,000000FF,00000000,00000000,00000000,00000000), ref: 0040206C
                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040208A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: MessageSend$#3998#6007
                    • String ID:
                    • API String ID: 1326147382-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SendMessageA.USER32 ref: 004105B6
                    • #6907.MFC42(00000000,?,000000FF,00000000), ref: 004105C9
                    • SendMessageA.USER32(?,0000100D,00000000,00418228), ref: 004105DD
                    • #6907.MFC42(?,?,000000FF,00418228,?,?), ref: 004105FD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #6907MessageSend
                    • String ID:
                    • API String ID: 3495772279-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _free.LIBCMT ref: 10008C9B
                      • Part of subcall function 10012E7A: HeapFree.KERNEL32(00000000,00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012E90
                      • Part of subcall function 10012E7A: GetLastError.KERNEL32(00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012EA2
                    • _free.LIBCMT ref: 10008CC4
                    • _free.LIBCMT ref: 10008CDD
                    • _free.LIBCMT ref: 10008CFB
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 10002EDE
                    • TranslateMessage.USER32(?), ref: 10002F01
                    • DispatchMessageA.USER32(?), ref: 10002F07
                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 10002F15
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Message$Peek$DispatchTranslate
                    • String ID:
                    • API String ID: 1795658109-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _free.LIBCMT ref: 0255A89F
                      • Part of subcall function 02564A7E: HeapFree.KERNEL32(00000000,00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564A94
                      • Part of subcall function 02564A7E: GetLastError.KERNEL32(00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564AA6
                    • _free.LIBCMT ref: 0255A8C8
                    • _free.LIBCMT ref: 0255A8E1
                    • _free.LIBCMT ref: 0255A8FF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000104), ref: 02561F1F
                    • _strncat.LIBCMT ref: 02561F46
                    • _strncat.LIBCMT ref: 02561F5C
                    • lstrcpy.KERNEL32(?,?), ref: 02561F82
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: _strncat$QueryValuelstrcpy
                    • String ID:
                    • API String ID: 3619189195-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 10001650: HeapFree.KERNEL32(?,00000000,?,75923070,?,?,100041D1,?,?,?,?,?,10026048,000000FF), ref: 10001675
                      • Part of subcall function 10001650: _free.LIBCMT ref: 10001691
                    • HeapDestroy.KERNEL32(00000000,FCCBADC3,?,?,?,?,100268D3,000000FF), ref: 1000ECD0
                    • HeapCreate.KERNEL32(00000001,?,?,FCCBADC3,?,?,?,?,100268D3,000000FF), ref: 1000ECE2
                    • _free.LIBCMT ref: 1000ECF2
                    • HeapDestroy.KERNEL32(?,?,?,?,?,100268D3,000000FF), ref: 1000ED20
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Heap$Destroy_free$CreateFree
                    • String ID:
                    • API String ID: 4097506873-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000860F
                    • std::exception::exception.LIBCMT ref: 10008648
                      • Part of subcall function 10012C75: std::exception::_Copy_str.LIBCMT ref: 10012C90
                    • __CxxThrowException@8.LIBCMT ref: 1000865D
                      • Part of subcall function 10012BA1: RaiseException.KERNEL32(?,?,10012F33,?,?,?,?,?,10012F33,?,1002BF84,100310A8,?,?,1000FF39,00000004), ref: 10012BE3
                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 10008664
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
                    • String ID:
                    • API String ID: 73090415-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 02553254: HeapFree.KERNEL32(?,00000000,?,1002703C,?,?,02555DD5,?,?,?,?,?,10026048,000000FF), ref: 02553279
                      • Part of subcall function 02553254: _free.LIBCMT ref: 02553295
                    • HeapDestroy.KERNEL32(00000000,1002F840,?,?,?,?,100268D3,000000FF), ref: 025608D4
                    • HeapCreate.KERNEL32(00000001,?,?,1002F840,?,?,?,?,100268D3,000000FF), ref: 025608E6
                    • _free.LIBCMT ref: 025608F6
                    • HeapDestroy.KERNEL32(?,?,?,?,?,100268D3,000000FF), ref: 02560924
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Heap$Destroy_free$CreateFree
                    • String ID:
                    • API String ID: 4097506873-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 0255A213
                    • std::exception::exception.LIBCMT ref: 0255A24C
                      • Part of subcall function 02564879: std::exception::_Copy_str.LIBCMT ref: 02564894
                    • __CxxThrowException@8.LIBCMT ref: 0255A261
                      • Part of subcall function 025647A5: RaiseException.KERNEL32(?,?,?,?), ref: 025647E7
                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0255A268
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
                    • String ID:
                    • API String ID: 73090415-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(?), ref: 10003B0E
                    • LeaveCriticalSection.KERNEL32(?), ref: 10003B1C
                    • LeaveCriticalSection.KERNEL32(?), ref: 10003B8E
                    • SetEvent.KERNEL32(?), ref: 10003BA9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$Leave$EnterEvent
                    • String ID:
                    • API String ID: 3394196147-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlEnterCriticalSection.NTDLL(?), ref: 02555712
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 02555720
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 02555792
                    • SetEvent.KERNEL32(?), ref: 025557AD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CriticalSection$Leave$EnterEvent
                    • String ID:
                    • API String ID: 3394196147-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #4171.MFC42(00000000,?,00000000,00000000,004094D6,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040984B
                    • #6311.MFC42(00000000,?,00000000,00000000,004094D6,00000000,?,00000001,?,?,?,?,?,?,?,000000FF), ref: 0040987A
                    • atoi.MSVCRT ref: 00409884
                    • atoi.MSVCRT ref: 004098A7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: atoi$#4171#6311
                    • String ID:
                    • API String ID: 2874515399-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: IncrementInterlockedTimetime
                    • String ID:
                    • API String ID: 159728177-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                    • String ID:
                    • API String ID: 3016257755-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                    • String ID:
                    • API String ID: 3016257755-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GlobalAlloc.KERNEL32(00000040,00000088,?,-00000001,004127AE,0041B658,000000FD,?,?,?,75AE3E40), ref: 00412822
                    • GlobalReAlloc.KERNEL32(?,?,00000042), ref: 0041283C
                    • #823.MFC42(00000088,?,?,?,75AE3E40), ref: 0041284A
                    • lstrcpyA.KERNEL32(00000008,?,75AE3E40), ref: 00412866
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: AllocGlobal$#823lstrcpy
                    • String ID:
                    • API String ID: 3586439457-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 1000404A
                    • _free.LIBCMT ref: 1000407F
                      • Part of subcall function 10012E7A: HeapFree.KERNEL32(00000000,00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012E90
                      • Part of subcall function 10012E7A: GetLastError.KERNEL32(00000000,?,1001A616,00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40), ref: 10012EA2
                    • _malloc.LIBCMT ref: 100040BA
                    • _memset.LIBCMT ref: 100040C8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CreateErrorFreeHeapLastTimerWaitable_free_malloc_memset
                    • String ID:
                    • API String ID: 3340475617-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02555C4E
                    • _free.LIBCMT ref: 02555C83
                      • Part of subcall function 02564A7E: HeapFree.KERNEL32(00000000,00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564A94
                      • Part of subcall function 02564A7E: GetLastError.KERNEL32(00000000,?,0256C21A,00000000,?,0000FFFF,02565116,02572A8D), ref: 02564AA6
                    • _malloc.LIBCMT ref: 02555CBE
                    • _memset.LIBCMT ref: 02555CCC
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CreateErrorFreeHeapLastTimerWaitable_free_malloc_memset
                    • String ID:
                    • API String ID: 3340475617-0
                    • Opcode ID: e0b4d3d5eda5e717d0c6f3f07f93a5621ed579b07e75f2275d394ada544cf298
                    • Instruction ID: de25cad1c830e82ad49f2f8ed58c1cc9fa8fb83a2072a80bab6eb2b7c12ad54e
                    • Opcode Fuzzy Hash: e0b4d3d5eda5e717d0c6f3f07f93a5621ed579b07e75f2275d394ada544cf298
                    • Instruction Fuzzy Hash: 6901E5B1900B149FE3209F7AC885BA7BAE9FB85354F10482EE5AE87301D631A8048F64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #470#755ClientRectVisibleWindow
                    • String ID:
                    • API String ID: 2977826925-0
                    • Opcode ID: db531c7a663f71a6382587b787b9476da3349e0a5d8e52484f3efb02835ba458
                    • Instruction ID: 310082c413d53474a09a6c1b98ba73af89f3b59c3c9fd4cae856f006c436c591
                    • Opcode Fuzzy Hash: db531c7a663f71a6382587b787b9476da3349e0a5d8e52484f3efb02835ba458
                    • Instruction Fuzzy Hash: 99018C712046119BD324DF24CD41BEBB7E8EB84B10F100B2EB466832D0DB38E845CB66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 004029E0: #3092.MFC42(00000000), ref: 004029ED
                      • Part of subcall function 00402FF0: #324.MFC42(00000066,?,?,?,?,?,00414923,000000FF), ref: 00403015
                      • Part of subcall function 00402FF0: #567.MFC42(00000066,?,?,?,?,?,00414923,000000FF), ref: 00403027
                      • Part of subcall function 00402FF0: #567.MFC42(00000066,?,?,?,?,?,00414923,000000FF), ref: 0040303F
                    • #2514.MFC42 ref: 0040F8F2
                    • #692.MFC42 ref: 0040F91B
                    • #692.MFC42 ref: 0040F92C
                    • #641.MFC42 ref: 0040F940
                      • Part of subcall function 004027C0: #3092.MFC42(00000000), ref: 004027D1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #3092#567#692$#2514#324#641
                    • String ID:
                    • API String ID: 2457609574-0
                    • Opcode ID: 5db88208a8515dbb324e8ad7cfbc6b4685f06239ff46d4d2aba09073415b407b
                    • Instruction ID: 913185b4443538c88a19ea0499e44a18eae8bcfe8a501056adfb1a2d15700856
                    • Opcode Fuzzy Hash: 5db88208a8515dbb324e8ad7cfbc6b4685f06239ff46d4d2aba09073415b407b
                    • Instruction Fuzzy Hash: 5F11C0700447829BC734EF24C441BEAB7E4BF85714F004A3EB4AA536C2DB7C5844CB96
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _malloc.LIBCMT ref: 10012ECE
                      • Part of subcall function 10012D63: __FF_MSGBANNER.LIBCMT ref: 10012D7C
                      • Part of subcall function 10012D63: __NMSG_WRITE.LIBCMT ref: 10012D83
                      • Part of subcall function 10012D63: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,10016A53,?,00000001,?,?,1001D161,00000018,1002D480,0000000C,1001D1F1), ref: 10012DA8
                    • std::exception::exception.LIBCMT ref: 10012F03
                    • std::exception::exception.LIBCMT ref: 10012F1D
                    • __CxxThrowException@8.LIBCMT ref: 10012F2E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: std::exception::exception$AllocException@8HeapThrow_malloc
                    • String ID:
                    • API String ID: 1414122017-0
                    • Opcode ID: 4c53b859a65d645c260020032793b82994e1b45b635910d1749330d0d95f0cbb
                    • Instruction ID: 7ca0bc5bef7531d6ff6561799e264f7b6746004d524353b5647e5922babf9c4a
                    • Opcode Fuzzy Hash: 4c53b859a65d645c260020032793b82994e1b45b635910d1749330d0d95f0cbb
                    • Instruction Fuzzy Hash: 51F028B540424A6EDB05DB54DD42ADD77F9EF44740F940069F921AE092DFB0EBD08751
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _malloc.LIBCMT ref: 02564AD2
                      • Part of subcall function 02564967: __FF_MSGBANNER.LIBCMT ref: 02564980
                      • Part of subcall function 02564967: __NMSG_WRITE.LIBCMT ref: 02564987
                      • Part of subcall function 02564967: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 025649AC
                    • std::exception::exception.LIBCMT ref: 02564B07
                    • std::exception::exception.LIBCMT ref: 02564B21
                    • __CxxThrowException@8.LIBCMT ref: 02564B32
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                    • String ID:
                    • API String ID: 615853336-0
                    • Opcode ID: 4d1f6313a715765cab7a1efdafa5c7e89f937d007e0b4d28f8a416aeb6d99068
                    • Instruction ID: b5442a9c57016be14055142c1a1ff275a8e4b880e366049517b55e08aa65cf8e
                    • Opcode Fuzzy Hash: 4d1f6313a715765cab7a1efdafa5c7e89f937d007e0b4d28f8a416aeb6d99068
                    • Instruction Fuzzy Hash: 47F0443140025B7ADF25EB10DD48AFD7ABBFF84304F540059E504A7090DBB18A818B49
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseSleep
                    • String ID:
                    • API String ID: 2834455192-0
                    • Opcode ID: ad443e11dd96ab432f1e54197b681408b650c64e4a458ca4da7973afd4dcc090
                    • Instruction ID: 3fda3e358ecb4cb87d779266ad775dbf6445338549091b6f8d971fa7f1036059
                    • Opcode Fuzzy Hash: ad443e11dd96ab432f1e54197b681408b650c64e4a458ca4da7973afd4dcc090
                    • Instruction Fuzzy Hash: 39F01975900629FBEB14DBA5CC8EEBAB67CBB08305F204044FA09A7151D770AA069BA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegOpenKeyExA.ADVAPI32(80000002,100275E8,00000000,00020019,?), ref: 025605AF
                    • RegQueryValueExA.ADVAPI32(?,10027CA8,00000000,00000000,00000000,?), ref: 025605CC
                    • RegCloseKey.ADVAPI32(?), ref: 025605DA
                    • RegCloseKey.ADVAPI32(?), ref: 025605EA
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Close$OpenQueryValue
                    • String ID:
                    • API String ID: 1607946009-0
                    • Opcode ID: 6441f0c648409d0b067b55eb74cd915cf81db3738894cadc01dfd56c8cda884f
                    • Instruction ID: a015351e9008993e01e31dc92340df4a27fea1957be5f1a02b8bcb930a021ce2
                    • Opcode Fuzzy Hash: 6441f0c648409d0b067b55eb74cd915cf81db3738894cadc01dfd56c8cda884f
                    • Instruction Fuzzy Hash: C2F01D75A40218FBEB10DFA09D8AEBAB7ACFB18205F200198FD0CD3141E7309A059BA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2414
                    • String ID:
                    • API String ID: 3739888808-0
                    • Opcode ID: c95f272d84d423212cc55360c7ac3e9256ebb1e88b1baaa52539cd29193df95b
                    • Instruction ID: 784e76cd1e4fab72e615a7f6ec4c52394f14054a458b45acfa6c953b26d9e078
                    • Opcode Fuzzy Hash: c95f272d84d423212cc55360c7ac3e9256ebb1e88b1baaa52539cd29193df95b
                    • Instruction Fuzzy Hash: 56F0543030231196DB39DA62A150BE777986F21B0474C80BF581AD7381DF3BE995C66A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2379#2864#5981Parent
                    • String ID:
                    • API String ID: 1933159328-0
                    • Opcode ID: e7dc097a2fddfaf12c4daab96f7498485f6074b4ba4cc2733d712e58f5c8c564
                    • Instruction ID: 5db1fc79f23289568e23753a124b67239b057018f1933f99662c7c0332e76294
                    • Opcode Fuzzy Hash: e7dc097a2fddfaf12c4daab96f7498485f6074b4ba4cc2733d712e58f5c8c564
                    • Instruction Fuzzy Hash: 24D0127590410057DB14A7B8849CDAF6756BBA1308F548C5FF145DA252C73FD8C1CA2E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2379#2864#5981Focus
                    • String ID:
                    • API String ID: 3515412747-0
                    • Opcode ID: bc8ff211255e545f8e8b15c74c4dcbff47f3a016d9cee0eeaabd2efa1e3d0604
                    • Instruction ID: ed68c55da60b39aa6039d90e7662b899b1e24b36ae454fb21c26d2d654d0e922
                    • Opcode Fuzzy Hash: bc8ff211255e545f8e8b15c74c4dcbff47f3a016d9cee0eeaabd2efa1e3d0604
                    • Instruction Fuzzy Hash: 85C08C32300030638D367371181D8EE02598BE0B083094C2FF0058628ACE6DCDC2C2ED
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2379#2864#5981Parent
                    • String ID:
                    • API String ID: 1933159328-0
                    • Opcode ID: a396295b873bb5e391b3fc0b5367a9aecc4743b44adbbb0425decec61dbb37ae
                    • Instruction ID: 6d141b0449205f89838913b9e8625b6d6d4edfc8ffc040578e262093f6499de9
                    • Opcode Fuzzy Hash: a396295b873bb5e391b3fc0b5367a9aecc4743b44adbbb0425decec61dbb37ae
                    • Instruction Fuzzy Hash: 15D09E75500204A7DA00F7A1840DA9E76667BA5349F41C86EF0595B242C77EC491CB28
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Cursor$#1168#2379Load
                    • String ID:
                    • API String ID: 1099151914-0
                    • Opcode ID: 9130b47339bb4baa76faf99f22ce1a89506bdcc5bc2ddeab815856e41f09fa46
                    • Instruction ID: 25d3efa02816b67b00c220b1d105fdc22a753cf735712c9488b07fa601640177
                    • Opcode Fuzzy Hash: 9130b47339bb4baa76faf99f22ce1a89506bdcc5bc2ddeab815856e41f09fa46
                    • Instruction Fuzzy Hash: 9CD0123924424096E6006BB14C0DFDB6B15ABA574DF16C0BEB6985A2C2C9BA8481C53D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::exception::exception.LIBCMT ref: 1000D08A
                    • __CxxThrowException@8.LIBCMT ref: 1000D09F
                    Strings
                    • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 1000CD7C, 1000CDA1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Exception@8Throwstd::exception::exception
                    • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
                    • API String ID: 3728558374-3812731148
                    • Opcode ID: 997da6dcc63e35c760c636288f25d58ec8612db4a9fd4b985764be44c7f6e065
                    • Instruction ID: fee7e8d763f62ba9182a138c1f053afd6584edc25caa5c32af3de1bd89714ce0
                    • Opcode Fuzzy Hash: 997da6dcc63e35c760c636288f25d58ec8612db4a9fd4b985764be44c7f6e065
                    • Instruction Fuzzy Hash: 85C19D756042499BEB14DF54C4C4BAD7BE6EF85390F1480AAEC498F24EC375AC86CB72
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID:
                    • String ID: recv sn=%lu
                    • API String ID: 0-1144994348
                    • Opcode ID: 5f9b834c03194c5e0b88bce6b05dd3d3b89d0829b8163e73b8e3101a887c609c
                    • Instruction ID: 2ca625751843d4a35cfbd41f02025affe8a103bb5b99fc796eeb496e2c9202e0
                    • Opcode Fuzzy Hash: 5f9b834c03194c5e0b88bce6b05dd3d3b89d0829b8163e73b8e3101a887c609c
                    • Instruction Fuzzy Hash: E45166B5600A059FE710CF28D580B8AB7F5FF883A0F20866AE8598B755E771FD54CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 1000A8C5
                    • _memmove.LIBCMT ref: 1000A916
                      • Part of subcall function 10009D00: std::_Xinvalid_argument.LIBCPMT ref: 10009D1A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Xinvalid_argumentstd::_$_memmove
                    • String ID: string too long
                    • API String ID: 2168136238-2556327735
                    • Opcode ID: 786cdc6a2cbb21d14a94d287711eb1e49285cec76b9bbd1be8fe0870701a072a
                    • Instruction ID: eb8affb54fa0438e115ca1990cffa65db2af2309a9bfb208fbc816d028201bfc
                    • Opcode Fuzzy Hash: 786cdc6a2cbb21d14a94d287711eb1e49285cec76b9bbd1be8fe0870701a072a
                    • Instruction Fuzzy Hash: 0631B7327146105BF724DA5CE88095AF7E9EBA26E0B20871FF582CB645CB71DC8187A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,10027628,?), ref: 025571EA
                    • RegCloseKey.ADVAPI32(?), ref: 025572BF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CloseCreate
                    • String ID: SYSTEM\Setup
                    • API String ID: 2932200918-1397563030
                    • Opcode ID: 8464d6c0c44ced1cf27c8e0587422d83482536d9b876ab66e2ae606970febea4
                    • Instruction ID: 36c8f90ee14e7d9e90d8941649c29608cd75e781ec8b13bd929f36c790caaf69
                    • Opcode Fuzzy Hash: 8464d6c0c44ced1cf27c8e0587422d83482536d9b876ab66e2ae606970febea4
                    • Instruction Fuzzy Hash: 8D31847190052AABEF20DB64CC9DFEAB7B8FB48704F5041D9F90CA7140DB71AA498F54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 100094AB
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107A4
                      • Part of subcall function 1001078F: __CxxThrowException@8.LIBCMT ref: 100107B9
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107CA
                    • std::_Xinvalid_argument.LIBCPMT ref: 100094C2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                    • String ID: string too long
                    • API String ID: 963545896-2556327735
                    • Opcode ID: cc1e2df9af1b380a6df230b209aa10e73815690143e8c5b1e87ebe63718e259f
                    • Instruction ID: 2ccfa1a96fb6d881c4032e06d86d1e915e02fe53248b5e2980f59a337b100a50
                    • Opcode Fuzzy Hash: cc1e2df9af1b380a6df230b209aa10e73815690143e8c5b1e87ebe63718e259f
                    • Instruction Fuzzy Hash: 68112933304A104BE721DA5CFC80A6AF3E9FF916A1F21061FF595CB295C7B0E90083A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 10007D26
                      • Part of subcall function 100107DC: std::exception::exception.LIBCMT ref: 100107F1
                      • Part of subcall function 100107DC: __CxxThrowException@8.LIBCMT ref: 10010806
                      • Part of subcall function 100107DC: std::exception::exception.LIBCMT ref: 10010817
                    • _memmove.LIBCMT ref: 10007D5F
                    Strings
                    • invalid string position, xrefs: 10007D21
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                    • String ID: invalid string position
                    • API String ID: 1785806476-1799206989
                    • Opcode ID: 0ed46bb0a51c346bd107f20755d63ad19d8c7ffa1714a355348d15888b2e0705
                    • Instruction ID: 5e152ad10aa1c042b226be0a003672f8f8848f0f8e2c3704f7acdb6fb7272676
                    • Opcode Fuzzy Hash: 0ed46bb0a51c346bd107f20755d63ad19d8c7ffa1714a355348d15888b2e0705
                    • Instruction Fuzzy Hash: 7201D6317006514BE320DDACEC8096AB7BAFFD5690724492FE189CB709D6B4EC4287A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __output_l.LIBCMT ref: 10013382
                      • Part of subcall function 1001350D: __getptd_noexit.LIBCMT ref: 1001350D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __getptd_noexit__output_l
                    • String ID: B
                    • API String ID: 2141734944-1255198513
                    • Opcode ID: 912eacf636800b4a8816d734545db41f327218630cfc5ea4d5c0ab80f2952ca8
                    • Instruction ID: 7d6fa2b0a7e1b0002f372fc7aa2dffc439ed8b8ddf84ade339432a3de8300672
                    • Opcode Fuzzy Hash: 912eacf636800b4a8816d734545db41f327218630cfc5ea4d5c0ab80f2952ca8
                    • Instruction Fuzzy Hash: 64016D759042499BDF00DFA4CC01BEEBBF9EF44364F144125F824AA281E775DA819BA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Xinvalid_argument.LIBCPMT ref: 10006635
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107A4
                      • Part of subcall function 1001078F: __CxxThrowException@8.LIBCMT ref: 100107B9
                      • Part of subcall function 1001078F: std::exception::exception.LIBCMT ref: 100107CA
                    • _memmove.LIBCMT ref: 10006664
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                    • String ID: vector<T> too long
                    • API String ID: 1785806476-3788999226
                    • Opcode ID: bad74ee1199c4bd84e810a454cc2a30962c5ced8ac91599d196912534d136a22
                    • Instruction ID: 27277f6bb2819162244ac7c49c0cf356b20b66b4ddf74e56f439fb2ddd616dd4
                    • Opcode Fuzzy Hash: bad74ee1199c4bd84e810a454cc2a30962c5ced8ac91599d196912534d136a22
                    • Instruction Fuzzy Hash: CD01D8B1A002059FD724DEACDC81C67B3DAEF94350725CA2DF99A87748EA31F944C7A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __output_l.LIBCMT ref: 02564F86
                      • Part of subcall function 02565111: __getptd_noexit.LIBCMT ref: 02565111
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __getptd_noexit__output_l
                    • String ID: B
                    • API String ID: 2141734944-1255198513
                    • Opcode ID: 4a412520afed6273eabeb2a74cfc12bb8da64e88214f81c404eb3e0904aeda9a
                    • Instruction ID: e4b7e04dc73bd871ffe7d74dcd6f7e8e034bec141b5abd193c4689658f30507a
                    • Opcode Fuzzy Hash: 4a412520afed6273eabeb2a74cfc12bb8da64e88214f81c404eb3e0904aeda9a
                    • Instruction Fuzzy Hash: ED016D71A0024A9FDF209FA4CC09BFEBBF5FB44364F104156E924A7280E7749501CBA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: CallFrame@12Setting__getptd
                    • String ID: j
                    • API String ID: 3454690891-2137352139
                    • Opcode ID: 94532638dcc6044295679da9101a47b9cf1f94d2050377992a863876b672f514
                    • Instruction ID: cab3854c7b800068b5542ade1ee3786b999339c18cfaacc361f469adbc97672d
                    • Opcode Fuzzy Hash: 94532638dcc6044295679da9101a47b9cf1f94d2050377992a863876b672f514
                    • Instruction Fuzzy Hash: 2711A031804391DFCB11CF64C54C7B8BB70BF05329F19808AD8A92B692C7746991CF95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 10013266: __getptd.LIBCMT ref: 1001326C
                      • Part of subcall function 10013266: __getptd.LIBCMT ref: 1001327C
                    • __getptd.LIBCMT ref: 10017DD6
                      • Part of subcall function 1001A625: __getptd_noexit.LIBCMT ref: 1001A628
                      • Part of subcall function 1001A625: __amsg_exit.LIBCMT ref: 1001A635
                    • __getptd.LIBCMT ref: 10017DE4
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __getptd$__amsg_exit__getptd_noexit
                    • String ID: csm
                    • API String ID: 803148776-1018135373
                    • Opcode ID: b2af965c9d768a64c625c96979692dfc4cc50201f153989c8daca63aa59d2893
                    • Instruction ID: f5e47f8d889a8ad7cd4f4c8ca727a7ccb045c445cc6bd7d6f9791d7ee6694d68
                    • Opcode Fuzzy Hash: b2af965c9d768a64c625c96979692dfc4cc50201f153989c8daca63aa59d2893
                    • Instruction Fuzzy Hash: 94014B398012068ACB24DF21D841A9DB7F5FF08251F6448AEE48A5F2A2CB34DDE0CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 025699DA
                      • Part of subcall function 0256C229: __getptd_noexit.LIBCMT ref: 0256C22C
                      • Part of subcall function 0256C229: __amsg_exit.LIBCMT ref: 0256C239
                    • __getptd.LIBCMT ref: 025699E8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105534199.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2550000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: __getptd$__amsg_exit__getptd_noexit
                    • String ID: csm
                    • API String ID: 803148776-1018135373
                    • Opcode ID: b2af965c9d768a64c625c96979692dfc4cc50201f153989c8daca63aa59d2893
                    • Instruction ID: 2c51a82eabf1e0a1e4ff385f14b29984c6777af8d031674143e16115bba556a7
                    • Opcode Fuzzy Hash: b2af965c9d768a64c625c96979692dfc4cc50201f153989c8daca63aa59d2893
                    • Instruction Fuzzy Hash: AF018B708002118BCF349FA1D44CABDBBF6BF10611F54452ED48257250CB32D990DF59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #825.MFC42 ref: 00405AE0
                    • #2414.MFC42(?,?,?,00414BC8,000000FF,00405AD8), ref: 00405B1B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2414#825
                    • String ID: @A
                    • API String ID: 2114621805-361999007
                    • Opcode ID: c203ba1c72bca94926c9433fbbe114af44650690a560af78e6ce157dad25281a
                    • Instruction ID: d924b62717d5289c0caa8971a364a65cba4174232497598a3a51cb215f01ead8
                    • Opcode Fuzzy Hash: c203ba1c72bca94926c9433fbbe114af44650690a560af78e6ce157dad25281a
                    • Instruction Fuzzy Hash: 37E0E5B290876057D3259F0898023CB7BD8EB55314F04892FF88453341D7BC88C48BCA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • #2414.MFC42(?,?,?,?,?,?,?,00404BB8), ref: 00404C15
                    • #682.MFC42(?,?,?,?,?,?,?,00404BB8), ref: 00404C2A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105196613.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2105183922.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105212609.0000000000416000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105224311.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.2105235770.000000000041C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: #2414#682
                    • String ID: @A
                    • API String ID: 270516558-361999007
                    • Opcode ID: f59899f8471fd338abbd65d7e33034c92238c5b1c3a7c8ba717a240c3f473ffc
                    • Instruction ID: 7ad4f03819f95b95fbf0cbe8cef2981a1b9af35d6680df071d480c2b79a70f99
                    • Opcode Fuzzy Hash: f59899f8471fd338abbd65d7e33034c92238c5b1c3a7c8ba717a240c3f473ffc
                    • Instruction Fuzzy Hash: 93F01DB16487929BC310DF19D801786FFE4FBD4B20F248A1FE4A187791D7B854898BD6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetEvent.KERNEL32(?), ref: 10003D3E
                    • InterlockedExchange.KERNEL32(?,00000001), ref: 10003D4A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2105709337.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000000.00000002.2105696826.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105732398.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105746775.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000000.00000002.2105759106.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_10000000_C7jdH7geD6.jbxd
                    Similarity
                    • API ID: EventExchangeInterlocked
                    • String ID: OnHandShake===%d
                    • API String ID: 1909783032-1255018270
                    • Opcode ID: 132f12836ca780b6b54ac379c509adcfa2ec179a50a29073a62ee6a33a0f9671
                    • Instruction ID: f5238b90c74ff66bfcf1176fe0361cbd36a08c3f69f3a648491ada5800364354
                    • Opcode Fuzzy Hash: 132f12836ca780b6b54ac379c509adcfa2ec179a50a29073a62ee6a33a0f9671
                    • Instruction Fuzzy Hash: A6D05E725503246BE324ABA8AC49DDB779CFF28222F854415FE0D96201EB72B82087E5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Execution Graph

                    Execution Coverage:3.8%
                    Dynamic/Decrypted Code Coverage:88.5%
                    Signature Coverage:0%
                    Total number of Nodes:693
                    Total number of Limit Nodes:13
10003014 39364->39367 39365->39326 39366 10003028 Sleep 39366->39367 39367->39365 39367->39366 39407 10001210 39367->39407 39410 10003320 GetCurrentThreadId 39367->39410 39371 1001a5ac __getptd_noexit 66 API calls 39370->39371 39372 10013560 39371->39372 39373 10013564 39372->39373 39374 1001356b ExitThread 39372->39374 39425 1001a76e 79 API calls __freefls@4 39373->39425 39376 1001356a 39376->39374 39378 10001300 70 API calls 39377->39378 39386 10003472 39378->39386 39379 1000347e 39379->39350 39380 10003575 39381 10001210 70 API calls 39380->39381 39382 1000357c 39381->39382 39382->39350 39383 100034f7 timeGetTime 39384 10001210 70 API calls 39383->39384 39384->39386 39385 10001300 70 API calls 39385->39386 39386->39379 39386->39380 39386->39383 39386->39385 39387 10001240 70 API calls 39386->39387 39387->39386 39389 100143a0 __write_nolock 39388->39389 39390 1000f32b wsprintfA CreateMutexA 39389->39390 39391 1000f3a1 39390->39391 39392 1000f37f GetLastError 39390->39392 39393 10003130 8 API calls 39391->39393 39392->39391 39394 1000f38c ReleaseMutex CloseHandle 39392->39394 39395 1000f3ac 39393->39395 39396 10014344 66 API calls 39394->39396 39397 1000ee20 80 API calls 39395->39397 39396->39391 39402 1000f3be 39397->39402 39398 1000f3d7 GetTickCount 39405 100036a0 230 API calls 39398->39405 39399 1000f3f2 GetTickCount 39399->39402 39400 1000e010 173 API calls 39400->39402 39401 10012eb4 std::ios_base::_Init 77 API calls 39401->39402 39402->39398 39402->39399 39402->39400 39402->39401 39404 1000f487 39402->39404 39403 10005ad0 TerminateThread CloseHandle 39403->39404 39404->39398 39404->39403 39405->39402 39406->39359 39408 10001140 70 API calls 39407->39408 39409 10001220 39408->39409 39409->39367 39411 1000334e 39410->39411 39412 10003339 39410->39412 39413 10001300 70 API calls 39411->39413 39414 10003340 InterlockedExchange 39412->39414 39415 1000336f 39413->39415 39414->39411 39414->39414 39416 10001300 70 API calls 39415->39416 39417 10003381 39416->39417 
39418 10001300 70 API calls 39417->39418 39419 10003397 39418->39419 39420 10003060 send send 39419->39420 39421 100033b7 39420->39421 39422 10001210 70 API calls 39421->39422 39423 100033bf GetCurrentThreadId 39422->39423 39424 100033cf 39423->39424 39424->39367 39425->39376 39427 10012de0 39426->39427 39438 10012d71 39426->39438 39452 1001a356 DecodePointer 39427->39452 39429 10012de6 39453 1001350d 66 API calls __getptd_noexit 39429->39453 39432 10012d9f RtlAllocateHeap 39432->39438 39442 10012dd8 39432->39442 39434 10012dcc 39450 1001350d 66 API calls __getptd_noexit 39434->39450 39438->39432 39438->39434 39439 10012dca 39438->39439 39440 10012d7c 39438->39440 39449 1001a356 DecodePointer 39438->39449 39451 1001350d 66 API calls __getptd_noexit 39439->39451 39440->39438 39446 1001a2dc 66 API calls 2 library calls 39440->39446 39447 1001a12d 66 API calls 7 library calls 39440->39447 39448 100140ec GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 39440->39448 39442->39120 39443->39120 39444->39125 39445->39128 39446->39440 39447->39440 39449->39438 39450->39439 39451->39442 39452->39429 39453->39442 39454->39137 39456 1000fad4 RegOpenKeyExA 39455->39456 39457 1000fb29 39456->39457 39458 1000faef RegQueryValueExA 39456->39458 39463 1000f960 160 API calls 2 library calls 39457->39463 39459 1000fb08 RegCloseKey Sleep 39458->39459 39460 1000fb1f RegCloseKey 39458->39460 39459->39456 39460->39457 39462 1000fb2e Sleep 39462->39456 39463->39462

                    Control-flow Graph

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000F5CB
                    • Thread32First.KERNEL32(00000000,?), ref: 1000F5E1
                    • Thread32Next.KERNEL32(00000000,0000001C), ref: 1000F6C6
                    • CloseHandle.KERNEL32(00000000,00000004,00000000,FC41B76C,00000000), ref: 1000F6D4
                    • std::_Xinvalid_argument.LIBCPMT ref: 1000F6FD
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 1000F740
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 1000F75A
                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000F77B
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,00000000), ref: 1000F7B5
                    • AdjustTokenPrivileges.ADVAPI32(?,00000001,00000001,00000010,00000000,00000000,?,00000000), ref: 1000F7C7
                    • GetLengthSid.ADVAPI32(?), ref: 1000F8D4
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 1000F8E8
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 1000F913
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000F92B
                    • CloseHandle.KERNEL32(?), ref: 1000F931
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 1000F949
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Token$AdjustCloseHandlePrivilegesProcess$OpenThread32$CreateFirstInformationLengthLookupNextPrivilegeSnapshotTerminateToolhelp32ValueXinvalid_argumentstd::_
                    • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege$vector<T> too long
                    • API String ID: 4288883302-3994885262
                    • Opcode ID: 32f23fd64c626a467a6db5f7a1efcf90b74811ba8f8cadc8731902384e35d90b
                    • Instruction ID: a6d847a36596519ab9d5ea3f03e866710a041fd0a0d1da3b1017c35c2cc041b5
                    • Opcode Fuzzy Hash: 32f23fd64c626a467a6db5f7a1efcf90b74811ba8f8cadc8731902384e35d90b
                    • Instruction Fuzzy Hash: 33C16175A00209BBEB14DBA4DC85FAEB7BAEB48740F20491DF605FB285DB71AD418B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                      • Part of subcall function 10006240: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10006268
                      • Part of subcall function 10006240: Process32First.KERNEL32(00000000,00000128), ref: 10006277
                      • Part of subcall function 10006240: Process32Next.KERNEL32(00000000,00000128), ref: 1000629C
                      • Part of subcall function 10006240: FindCloseChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 100062AE
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 1000F740
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 1000F75A
                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 1000F77B
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,00000010,?,00000000), ref: 1000F7B5
                    • AdjustTokenPrivileges.ADVAPI32(?,00000001,00000001,00000010,00000000,00000000,?,00000000), ref: 1000F7C7
                      • Part of subcall function 1000E910: LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 1000E92E
                      • Part of subcall function 1000E910: AdjustTokenPrivileges.ADVAPI32(00000001,00000000,1000F7D9,00000010,00000000,00000000), ref: 1000E96E
                    • GetLengthSid.ADVAPI32(?), ref: 1000F8D4
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 1000F8E8
                      • Part of subcall function 1000F580: CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 1000F5CB
                      • Part of subcall function 1000F580: Thread32First.KERNEL32(00000000,?), ref: 1000F5E1
                      • Part of subcall function 1000F580: Thread32Next.KERNEL32(00000000,0000001C), ref: 1000F6C6
                      • Part of subcall function 1000F580: CloseHandle.KERNEL32(00000000,00000004,00000000,FC41B76C,00000000), ref: 1000F6D4
                      • Part of subcall function 1000EB40: PostThreadMessageA.USER32(00000101,00000002,00000101,?), ref: 1000EB6D
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 1000F913
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000F92B
                    • CloseHandle.KERNEL32(?), ref: 1000F931
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 1000F949
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Token$AdjustClosePrivileges$HandleProcess$CreateFirstLookupNextOpenPrivilegeProcess32SnapshotThread32Toolhelp32Value$ChangeFindInformationLengthMessageNotificationPostTerminateThread
                    • String ID: $SeAssignPrimaryTokenPrivilege$SeBackupPrivilege$SeChangeNotifyPrivilege$SeDebugPrivilege$SeImpersonatePrivilege$SeIncreaseBasePriorityPrivilege$SeIncreaseQuotaPrivilege$SeLoadDriverPrivilege$SeRestorePrivilege$SeSecurityPrivilege$SeShutdownPrivilege$SeSystemEnvironmentPrivilege$SeTakeOwnershipPrivilege$SeTcbPrivilege
                    • API String ID: 2122055157-3151685581
                    • Opcode ID: 6e1bbc2b59bdc6ae47365c5862bf753b818b4d3e97a0db6c712d8272a1e1de11
                    • Instruction ID: 001512e3ad64c0709784f10a1ab430ef39029e0d1e7fb618c968bc69d7fb7263
                    • Opcode Fuzzy Hash: 6e1bbc2b59bdc6ae47365c5862bf753b818b4d3e97a0db6c712d8272a1e1de11
                    • Instruction Fuzzy Hash: 8B614F75A51209BBEB00DBE4DC86FEE7779EF44740F104918F604BB285DBB5AA418BA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • OutputDebugStringA.KERNEL32(dll run), ref: 1000FB8A
                    • OutputDebugStringA.KERNEL32(dll run2), ref: 1000FB91
                    • GetCommandLineW.KERNEL32(?), ref: 1000FBB7
                    • CommandLineToArgvW.SHELL32(00000000), ref: 1000FBBE
                    • _memset.LIBCMT ref: 1000FBDB
                    • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 1000FC9B
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000FCAF
                    • swprintf.LIBCMT ref: 1000FCCD
                    • CopyFileA.KERNEL32(?,?,00000000), ref: 1000FCE5
                    • SetFileAttributesA.KERNEL32(?,00000002), ref: 1000FCF7
                    • CreateThread.KERNEL32(00000000,00000000,1000FAC0,00000000,00000000,00000000), ref: 1000FD0C
                    • OutputDebugStringA.KERNEL32(dll run3), ref: 1000FD1D
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1000FD61
                    • OutputDebugStringA.KERNEL32(10027E04), ref: 1000FD82
                    • GetSystemDirectoryA.KERNEL32(00000000,00000104), ref: 1000FDB1
                    • OutputDebugStringA.KERNEL32(dll run4), ref: 1000FDBC
                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000FDFF
                    • swprintf.LIBCMT ref: 1000FE1D
                    • CopyFileA.KERNEL32(00000000,?,00000000), ref: 1000FE35
                    • OutputDebugStringA.KERNEL32(?), ref: 1000FE6B
                    • CloseHandle.KERNEL32(00000000), ref: 1000FEB9
                    • ExitProcess.KERNEL32 ref: 1000FEC1
                    • OutputDebugStringA.KERNEL32(dll run6), ref: 1000FED2
                    • __wcsicoll.LIBCMT ref: 1000FEDD
                    • __wcsicoll.LIBCMT ref: 1000FF12
                    • OutputDebugStringA.KERNEL32(dll run7), ref: 1000FF27
                    • GetSystemWow64DirectoryA.KERNEL32(00000000,00000104), ref: 1000FDA2
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    • GetSystemWow64DirectoryA.KERNEL32(00000000,00000104), ref: 1000FF65
                    • GetSystemDirectoryA.KERNEL32(00000000,00000104), ref: 1000FF74
                    • OutputDebugStringA.KERNEL32(dll run4), ref: 1000FF7F
                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 1000FFC2
                    • swprintf.LIBCMT ref: 1000FFE0
                    • CopyFileA.KERNEL32(00000000,?,00000000), ref: 1000FFF8
                    • OutputDebugStringA.KERNEL32(?), ref: 1001002E
                      • Part of subcall function 1000F4B0: WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,FC41B76C,?,?), ref: 1000F54B
                      • Part of subcall function 1000F4B0: CloseHandle.KERNEL32(00000000,?,?,?,?,FC41B76C,?,?), ref: 1000F552
                    • CloseHandle.KERNEL32(00000000), ref: 1001003A
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: DebugOutputString$File$DirectorySystem$CloseCopyFolderHandlePathswprintf$CommandLineModuleNameWow64__wcsicoll$ArgvAttributesCreateExitObjectProcessSingleThreadWait_malloc_memset
                    • String ID: -Puppet$%s\msedge.exe$%s\msiexec.exe$-Puppet$2345SafeTray.exe$360Tray.exe$HipsTray.exe$QQPCTray.exe$\msiexec.exe$dll run$dll run2$dll run3$dll run4$dll run6$dll run7$dll run8$kxetray.exe
                    • API String ID: 3288495691-3018988614
                    • Opcode ID: 7d830ef31a2b59ee8578fd357b205c01d106cd7898acca70baf0b805d4bdd525
                    • Instruction ID: 6959cae108f41e3a4d8f13f90d72679338ada2cb81fb1ff6466d98d524a47d60
                    • Opcode Fuzzy Hash: 7d830ef31a2b59ee8578fd357b205c01d106cd7898acca70baf0b805d4bdd525
                    • Instruction Fuzzy Hash: D5D1C775905219ABF710DB60CC86FEA77B4FB08340F518499F70D9B1D2EBB0A985CB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: _strcat_s$DebugOutputString_memsetinet_ntoa$AddressHandleModuleProcgethostbynamegethostnameinet_addrwsprintf
                    • String ID: "addr":"([^"]+)"$"ip":"([^"]+)"$2$@$HARDWARE\DESCRIPTION\System\CentralProcessor\0$NTDLL$RtlGetVersion$g$http://whois.pconline.com.cn/ipJson.jsp$~MHz
                    • API String ID: 776193317-3408092411
                    • Opcode ID: be27aeb44ff73eba3f52e61628ef864d682188e8a8401bcaa01d3749f7f223f4
                    • Instruction ID: e5d24219444de3dacda0878619b56530527954d980c908a6cf78b64f50aa726a
                    • Opcode Fuzzy Hash: be27aeb44ff73eba3f52e61628ef864d682188e8a8401bcaa01d3749f7f223f4
                    • Instruction Fuzzy Hash: 244259B19012A99BEB21CF64CC84ADDB7B9FB48300F5085E9E54DA7245DB30AF84CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • ResetEvent.KERNEL32(?), ref: 100036BC
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 100036C8
                    • timeGetTime.WINMM ref: 100036CE
                    • socket.WS2_32(00000002,00000001,00000006), ref: 100036FB
                    • gethostbyname.WS2_32(?), ref: 1000371F
                    • htons.WS2_32(?), ref: 10003738
                    • connect.WS2_32(?,?,00000010), ref: 10003756
                    • setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 10003782
                    • setsockopt.WS2_32(?,0000FFFF,00001002,00040000,00000004), ref: 1000379F
                    • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 100037BC
                    • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 100037D6
                    • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 1000380A
                    • InterlockedExchange.KERNEL32(?,00000001), ref: 10003813
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: setsockopt$ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
                    • String ID: 0u
                    • API String ID: 777360719-3203441087
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 411 100101d0-10010279 call 10012e00 * 2 RegOpenKeyExA 416 1001027b-10010285 411->416 417 1001028a-1001028e 411->417 418 10010413-10010440 call 10010441 call 10013318 416->418 417->418 419 10010294-1001029b 417->419 419->418 420 100102a1 419->420 420->418 422 100102f5-10010323 RegQueryValueExA 420->422 423 100103c7-100103ee RegQueryValueExA 420->423 424 10010389-100103b7 RegQueryValueExA 420->424 425 100102a8-100102d6 RegQueryValueExA 420->425 422->418 430 10010329-1001032f 422->430 423->418 428 100103f0-100103f4 423->428 424->418 427 100103b9-100103c5 424->427 425->418 429 100102dc-100102f0 lstrcpyA 425->429 432 100103f9-10010406 wsprintfA 427->432 428->432 433 10010409 429->433 434 10010330-10010333 430->434 432->433 433->418 436 10010370-10010384 lstrcpyA 434->436 437 10010335-1001036e call 10014680 * 2 call 10013e70 434->437 436->433 437->434
                    APIs
                    • _memset.LIBCMT ref: 10010239
                    • _memset.LIBCMT ref: 1001024C
                    • RegOpenKeyExA.KERNEL32(1000E1E3,00000000,00000000,00020019,00000000,?,?,FC41B76C,1000E1E3,?,00000000), ref: 10010271
                      • Part of subcall function 10010441: RegCloseKey.ADVAPI32(1000E1E3,1001041F,?,?,FC41B76C,1000E1E3,?,00000000), ref: 1001044E
                      • Part of subcall function 10010441: RegCloseKey.ADVAPI32(00000000,?,?,FC41B76C,1000E1E3,?,00000000), ref: 10010457
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Close_memset$Open
                    • String ID: %08X
                    • API String ID: 4292648718-3773563069
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 444 1000aca0-1000ace7 InternetOpenA 445 1000ad08-1000ad0c 444->445 446 1000ace9 444->446 447 1000ad10-1000ad24 InternetOpenUrlA 445->447 448 1000ad0e 445->448 449 1000acee-1000ad03 call 10009f10 call 1000ac40 446->449 450 1000ad34-1000ad6c InternetReadFile 447->450 451 1000ad26-1000ad32 InternetCloseHandle 447->451 448->447 462 1000ae02-1000ae1d call 10013318 449->462 453 1000ada7-1000adc6 call 1001084a 450->453 454 1000ad6e 450->454 451->449 464 1000adc8 453->464 465 1000adce-1000add0 453->465 456 1000ad70-1000ad78 454->456 456->453 460 1000ad7a-1000ada5 call 10009df0 InternetReadFile 456->460 460->453 460->456 464->465 466 1000add2-1000adda 465->466 466->466 469 1000addc-1000adef InternetCloseHandle * 2 466->469 471 1000ae00 469->471 472 1000adf1-1000adfd call 100122d2 469->472 471->462 472->471
                    APIs
                    • InternetOpenA.WININET(HTTPGET,00000001,00000000,00000000,00000000), ref: 1000ACDD
                    • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 1000AD1A
                    • InternetCloseHandle.WININET(00000000), ref: 1000AD27
                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 1000AD68
                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 1000ADA1
                    • InternetCloseHandle.WININET(00000000), ref: 1000ADE3
                    • InternetCloseHandle.WININET(00000000), ref: 1000ADE6
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Internet$CloseHandle$FileOpenRead
                    • String ID: HTTPGET$InternetOpen failed$InternetOpenUrlA failed
                    • API String ID: 3539267403-909499719
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 475 100055b0-100055ee RegCreateKeyA 476 100056c1-100056d5 call 10013318 475->476 477 100055f4-10005626 RegQueryValueExA 475->477 479 10005631-1000563a 477->479 480 10005628-1000562f 477->480 482 10005640-10005645 479->482 480->479 481 10005664-10005690 RegQueryValueExA 480->481 485 10005692-10005699 481->485 486 1000569b-100056b2 RegSetValueExA 481->486 482->482 484 10005647-10005662 RegSetValueExA 482->484 484->481 485->486 487 100056b4-100056bb RegCloseKey 485->487 486->487 487->476
                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,SYSTEM\Setup,?), ref: 100055E6
                    • RegQueryValueExA.KERNEL32(?,BITS,00000000,?,00000000,?,?,?), ref: 1000561C
                    • RegSetValueExA.ADVAPI32(?,BITS,00000000,00000001,?,?,?,?), ref: 10005662
                    • RegQueryValueExA.KERNEL32(?,Host,00000000,?,00000000,?,?,?), ref: 1000568C
                    • RegSetValueExA.ADVAPI32(?,Host,00000000,00000001,10027616,00000001,?,?), ref: 100056B2
                    • RegCloseKey.KERNEL32(?,?,?), ref: 100056BB
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Value$Query$CloseCreate
                    • String ID: BITS$Host$SYSTEM\Setup
                    • API String ID: 2357964129-2174744495
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • wsprintfA.USER32 ref: 1000F362
                    • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 1000F373
                    • GetLastError.KERNEL32 ref: 1000F37F
                    • ReleaseMutex.KERNEL32(00000000), ref: 1000F38D
                    • CloseHandle.KERNEL32(00000000), ref: 1000F394
                      • Part of subcall function 10014344: _doexit.LIBCMT ref: 10014350
                    • GetTickCount.KERNEL32 ref: 1000F3D7
                    • GetTickCount.KERNEL32 ref: 1000F3F2
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: CountMutexTick$CloseCreateErrorHandleLastRelease_doexitwsprintf
                    • String ID: %d:%d
                    • API String ID: 3645654511-4036436701
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 524 1000fac0-1000face 525 1000fad4-1000faed RegOpenKeyExA 524->525 526 1000fb29-1000fb39 call 1000f960 Sleep 525->526 527 1000faef-1000fb06 RegQueryValueExA 525->527 526->525 528 1000fb08-1000fb1d RegCloseKey Sleep 527->528 529 1000fb1f-1000fb23 RegCloseKey 527->529 528->525 529->526
                    APIs
                    • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,00000000,00020019,?), ref: 1000FAE9
                    • RegQueryValueExA.KERNEL32(?,IsSystemUpgradeComponentRegistered,00000000,00000000,00000000,?), ref: 1000FB02
                    • RegCloseKey.KERNEL32(?), ref: 1000FB0C
                    • Sleep.KERNEL32(00000BB8), ref: 1000FB17
                    • RegCloseKey.ADVAPI32(?), ref: 1000FB23
                    • Sleep.KERNEL32(00000BB8), ref: 1000FB33
                    Strings
                    • IsSystemUpgradeComponentRegistered, xrefs: 1000FAF9
                    • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000FADF
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: CloseSleep$OpenQueryValue
                    • String ID: IsSystemUpgradeComponentRegistered$Software\Microsoft\Windows\CurrentVersion\Run
                    • API String ID: 3341780449-3687489623
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • OutputDebugStringA.KERNEL32(DLL_PROCESS_ATTACH,?,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1000EA17
                    • OutputDebugStringA.KERNEL32(DLL_THREAD_ATTACH,1002D0B0,0000000C,10014A2D,?), ref: 1000EA2B
                    • OutputDebugStringA.KERNEL32(DLL_PROCESS_DETACH,?,10014985,?,?,?,?,?,?,1002D0B0,0000000C,10014A2D,?), ref: 1000EA3F
                    • OutputDebugStringA.KERNEL32(DLL_THREAD_DETACH), ref: 1000EA53
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: DebugOutputString
                    • String ID: DLL_PROCESS_ATTACH$DLL_PROCESS_DETACH$DLL_THREAD_ATTACH$DLL_THREAD_DETACH
                    • API String ID: 1166629820-2224134929
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,FC41B76C,00000000,?,?,?,1000F3BE), ref: 1000EE6A
                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,00000400,00000400,00001000), ref: 1000EF1B
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000EF56
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000EF7B
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000EFA0
                      • Part of subcall function 100013B0: __CxxThrowException@8.LIBCMT ref: 100013C2
                      • Part of subcall function 100013B0: DeleteCriticalSection.KERNEL32(?,00001000,1002BF50,?,1000EC40,80004005), ref: 100013D1
                      • Part of subcall function 1000EA90: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,FC41B76C,00000000,?,75922F30,1000F04F), ref: 1000EAEB
                      • Part of subcall function 1000EA90: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000), ref: 1000EB07
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 1000F085
                    • timeGetTime.WINMM ref: 1000F08B
                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1000F099
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1000F0A2
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: CreateEvent$CriticalSection$CountInitializeSpin$DeleteException@8ExchangeInterlockedThrowTimetime
                    • String ID:
                    • API String ID: 1400036169-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • _memset.LIBCMT ref: 10006A6D
                    • _memset.LIBCMT ref: 10006A79
                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,FC41B76C,?,00000000,00000000), ref: 10006AE4
                    • gethostname.WS2_32(?,1000E1E3), ref: 10006AEC
                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,FC41B76C,?,00000000,00000000), ref: 10006AF3
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: _memsetlstrlen$_mallocgethostname
                    • String ID: Host$SYSTEM\Setup
                    • API String ID: 2594358590-2058306683
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 590 28a07a0-28a0801 call 28a06d0 call 28a0780 LoadLibraryA
                    APIs
                    • LoadLibraryA.KERNEL32(?,00000000,00000072), ref: 028A07FC
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: LibraryLoad
                    • String ID: A$b$d$i$o$y
                    • API String ID: 1029625771-4132616007
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 10013640
                    • __calloc_crt.LIBCMT ref: 1001364C
                    • __getptd.LIBCMT ref: 10013659
                    • CreateThread.KERNEL32(100104B0,?,100135B6,00000000,?,00000000), ref: 10013690
                    • GetLastError.KERNEL32(?,10010532,?,?,100104B0,?,?,?,?,?), ref: 1001369A
                    • _free.LIBCMT ref: 100136A3
                    • __dosmaperr.LIBCMT ref: 100136AE
                      • Part of subcall function 1001350D: __getptd_noexit.LIBCMT ref: 1001350D
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                    • String ID:
                    • API String ID: 155776804-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 100135BC
                      • Part of subcall function 1001A46A: TlsGetValue.KERNEL32(?,1001A5C3,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A473
                      • Part of subcall function 1001A46A: DecodePointer.KERNEL32(?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A485
                      • Part of subcall function 1001A46A: TlsSetValue.KERNEL32(00000000,?,?,1001A62D,?,10013876,75919350,?,10025D40,?,00000000,?,1000FEE2,?,-Puppet), ref: 1001A494
                    • ___fls_getvalue@4.LIBCMT ref: 100135C7
                      • Part of subcall function 1001A44A: TlsGetValue.KERNEL32(?,?,100135CC,00000000), ref: 1001A458
                    • ___fls_setvalue@8.LIBCMT ref: 100135DA
                      • Part of subcall function 1001A49E: DecodePointer.KERNEL32(?,?,?,100135DF,00000000,?,00000000), ref: 1001A4AF
                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 100135E3
                    • ExitThread.KERNEL32 ref: 100135EA
                    • GetCurrentThreadId.KERNEL32 ref: 100135F0
                    • __freefls@4.LIBCMT ref: 10013610
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                    • String ID:
                    • API String ID: 2383549826-0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memset.LIBCMT ref: 10006B8C
                    • _memset.LIBCMT ref: 10006B98
                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,FC41B76C,75919350,00000000), ref: 10006BFD
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: _memset$_malloclstrlen
                    • String ID: BITS$SYSTEM\Setup
                    • API String ID: 285548681-3074452007
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • wsprintfA.USER32 ref: 1000E736
                    • OutputDebugStringA.KERNEL32(10027C30,?,?,?,?,?,?,?,?,?,"addr":"([^"]+)",00000001,?,?,"ip":"([^"]+)",00000001), ref: 1000E744
                    • OutputDebugStringA.KERNEL32(10027C2C,?,?,?,?,?,?,?,?,?,"addr":"([^"]+)",00000001,?,?,"ip":"([^"]+)",00000001), ref: 1000E76A
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000E7CC
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000E865
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: DebugLockitLockit::_OutputStringstd::_$wsprintf
                    • String ID:
                    • API String ID: 4114653978-0
                    • Opcode ID: 836d9090127d3572841fd155e993951d1260bf10bf1a0f3202da55634ce84852
                    • Instruction ID: 71cde9608faf795d8778179ae10e374bdaae38e2f8bcd94de37ca5af738bca05
                    • Opcode Fuzzy Hash: 836d9090127d3572841fd155e993951d1260bf10bf1a0f3202da55634ce84852
                    • Instruction Fuzzy Hash: DD519075E002A59FEB60DF64C880A9CB3F5FB44350F1185E9D99DAB285DB31AEC48B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VirtualFree.KERNELBASE(?,?,00004000,00000000,00000000), ref: 028A01C4
                    • VirtualProtect.KERNEL32(?,?,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 028A024A
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: Virtual$FreeProtect
                    • String ID: $@
                    • API String ID: 2581862158-1077428164
                    • Opcode ID: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
                    • Instruction ID: ccf00dcd47e0e38ba4f05b6acb853a9b5fdb59391d0b0cf1695d8b9616c9edb4
                    • Opcode Fuzzy Hash: 4cede706ef36cafc7341851033050614b0b156a10d30ed1cc2c708af9af9788d
                    • Instruction Fuzzy Hash: B8314DB86043059FE714CF18C4A4BABB7E6FF88708F40890CE9899B280D775E955CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __floor_pentium4.LIBCMT ref: 10001182
                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 100011C2
                    • _memmove.LIBCMT ref: 100011DE
                    • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 100011F1
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Virtual$AllocFree__floor_pentium4_memmove
                    • String ID:
                    • API String ID: 1828152804-0
                    • Opcode ID: 21b21ec2742564cc80e173f095c1d21d7d16beb0a4b61982f74cee913a12df5b
                    • Instruction ID: a005891867a68f85cbffcccb02d29acf9b9cfd6f7f01d1bd69afafa2bea04be6
                    • Opcode Fuzzy Hash: 21b21ec2742564cc80e173f095c1d21d7d16beb0a4b61982f74cee913a12df5b
                    • Instruction Fuzzy Hash: 7421E071604208AFEB14CF69D885A9BB7E8FF44751F10852EFD4996240E670A950C794
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __floor_pentium4.LIBCMT ref: 100010B8
                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 100010E8
                    • _memmove.LIBCMT ref: 10001104
                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 1000111B
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Virtual$AllocFree__floor_pentium4_memmove
                    • String ID:
                    • API String ID: 1828152804-0
                    • Opcode ID: 83390f44b909e9e9c2a69ebe75b2f5143022986fc09b398032f97ddb9c8114e4
                    • Instruction ID: b626ba846818d7837c54d267f9ffec9d36b22f7df543a35abe7fc41e4a14898e
                    • Opcode Fuzzy Hash: 83390f44b909e9e9c2a69ebe75b2f5143022986fc09b398032f97ddb9c8114e4
                    • Instruction Fuzzy Hash: D421C071A00308AFEB10CFA9CD86B9ABBE8FF04755F108529FD48D6240E6B0E9548754
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10006268
                    • Process32First.KERNEL32(00000000,00000128), ref: 10006277
                    • Process32Next.KERNEL32(00000000,00000128), ref: 1000629C
                    • FindCloseChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 100062AE
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                    • String ID:
                    • API String ID: 3243318325-0
                    • Opcode ID: f16eeab1338c34a3cc79cd822764459de93c29bb11c3ba24120cee4fb5f24aed
                    • Instruction ID: 62871e3e9dfe9c9a798bfd966eee26c9fc07e1a64d0ec55501e3a49490f8260e
                    • Opcode Fuzzy Hash: f16eeab1338c34a3cc79cd822764459de93c29bb11c3ba24120cee4fb5f24aed
                    • Instruction Fuzzy Hash: 3901F235A002186BEB10DB758C41AEF77BDEF89390F1000A9FA448B100EE70EE558BE1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _malloc.LIBCMT ref: 10012ECE
                      • Part of subcall function 10012D63: __FF_MSGBANNER.LIBCMT ref: 10012D7C
                      • Part of subcall function 10012D63: __NMSG_WRITE.LIBCMT ref: 10012D83
                      • Part of subcall function 10012D63: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,10016A53,?,00000001,?,?,1001D161,00000018,1002D480,0000000C,1001D1F1), ref: 10012DA8
                    • std::exception::exception.LIBCMT ref: 10012F03
                    • std::exception::exception.LIBCMT ref: 10012F1D
                    • __CxxThrowException@8.LIBCMT ref: 10012F2E
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                    • String ID:
                    • API String ID: 615853336-0
                    • Opcode ID: 89dda561dab12a3f2316d89bfafa81295a286e681c07cfb844639ce387e00d69
                    • Instruction ID: 7ca0bc5bef7531d6ff6561799e264f7b6746004d524353b5647e5922babf9c4a
                    • Opcode Fuzzy Hash: 89dda561dab12a3f2316d89bfafa81295a286e681c07cfb844639ce387e00d69
                    • Instruction Fuzzy Hash: 51F028B540424A6EDB05DB54DD42ADD77F9EF44740F940069F921AE092DFB0EBD08751
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 1000332C
                    • InterlockedExchange.KERNEL32(?,00000001), ref: 10003343
                    • GetCurrentThreadId.KERNEL32 ref: 100033BF
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: CurrentThread$ExchangeInterlocked
                    • String ID:
                    • API String ID: 4033114805-0
                    • Opcode ID: 1105b84f27e864446f59908c4bd58253edc9de368d25ed4da542c9d927076183
                    • Instruction ID: 490d881859c065775b32c4543678e998ec687a9797589f0355bdc3c6344465b4
                    • Opcode Fuzzy Hash: 1105b84f27e864446f59908c4bd58253edc9de368d25ed4da542c9d927076183
                    • Instruction Fuzzy Hash: 50215E75651104ABE715DF54CCD2FEAB3ACFB04780F108159FA069B189EBB1BE54CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,FC41B76C,?,?), ref: 1001050B
                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?), ref: 1001053D
                    • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 10010547
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: ChangeCloseCreateEventFindNotificationObjectSingleWait
                    • String ID:
                    • API String ID: 3748051167-0
                    • Opcode ID: cc5af5b76bd995688dce9a4ebaed5d2abfbe4fd01ae70adf557b83c4b0e0ac7c
                    • Instruction ID: 005aa84629d854ea06974fa4f5339828caa0668c1b006555f067695827ea4f62
                    • Opcode Fuzzy Hash: cc5af5b76bd995688dce9a4ebaed5d2abfbe4fd01ae70adf557b83c4b0e0ac7c
                    • Instruction Fuzzy Hash: A9011D75A00219BBDB00DF98CD85F9E77B8EF48710F208649FD18A7380D774E9118B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
                    • Instruction ID: 725a3be32c847ac2b5eaf4008fe08f7e20e931dadb4dade90b9bb32dd28b824c
                    • Opcode Fuzzy Hash: 5c28cbd71489db32c36c92d8b3dc7f29978b4200c33b3d9e54f9d285b180d39f
                    • Instruction Fuzzy Hash: 4C41E2BA7012006FF714EF68EC94B6B77A9EF84366F10456AFA05CA241EF71D8019B61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::locale::_Init.LIBCPMT ref: 1000DF63
                      • Part of subcall function 10010E7E: __EH_prolog3.LIBCMT ref: 10010E85
                      • Part of subcall function 10010E7E: std::_Lockit::_Lockit.LIBCPMT ref: 10010E9B
                      • Part of subcall function 10010E7E: std::locale::_Locimp::_Locimp.LIBCPMT ref: 10010EBD
                      • Part of subcall function 10010E7E: std::locale::_Setgloballocale.LIBCPMT ref: 10010EC7
                      • Part of subcall function 10010E7E: _Yarn.LIBCPMT ref: 10010EDD
                    • std::_Lockit::_Lockit.LIBCPMT ref: 1000DF77
                      • Part of subcall function 100108B9: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 100108C7
                      • Part of subcall function 100108B9: __CxxThrowException@8.LIBCMT ref: 100108D5
                      • Part of subcall function 100108B9: std::exception::exception.LIBCMT ref: 100108E8
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: std::locale::_$LockitLockit::_std::_$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8H_prolog3InitLocimpLocimp::_SetgloballocaleThrowYarnstd::exception::exception
                    • String ID:
                    • API String ID: 934845469-0
                    • Opcode ID: 14323fbc1583a70d4e1586cc905690a14c84f3e27d5fe1c3c5234129e1412168
                    • Instruction ID: 9368945dcf571d4578f105ce328e1a5f03956bde80a5d4adc62c875a4f770577
                    • Opcode Fuzzy Hash: 14323fbc1583a70d4e1586cc905690a14c84f3e27d5fe1c3c5234129e1412168
                    • Instruction Fuzzy Hash: ED2196B56042069FE710DF58D881BAAB7F4FF44790F10862AF8559B285EB70E904CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 10003603
                    • recv.WS2_32(?,?,00040000,00000000), ref: 10003624
                      • Part of subcall function 1001350D: __getptd_noexit.LIBCMT ref: 1001350D
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: __getptd_noexitrecvselect
                    • String ID:
                    • API String ID: 4248608111-0
                    • Opcode ID: 52967d0ae50c5e68931670ceec2df4b53ff06de137ebc9bd83d970886332665d
                    • Instruction ID: bc049c8e9b43eccdaf7919914bd70d2d8a6300271b5be492aaf4dc170797508f
                    • Opcode Fuzzy Hash: 52967d0ae50c5e68931670ceec2df4b53ff06de137ebc9bd83d970886332665d
                    • Instruction Fuzzy Hash: C521D6B0A00214EBEB11DF64CC86B9B77E8EF05794F11C1A5F5059B295CB72ED84CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • send.WS2_32(?,?,?,00000000), ref: 1000308F
                    • send.WS2_32(?,?,00000000,00000000), ref: 100030CF
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: send
                    • String ID:
                    • API String ID: 2809346765-0
                    • Opcode ID: bee871e7e6a7b878a4d17c40cbb94758c5132a5dca7b0b34721e841a58542267
                    • Instruction ID: 3bdcc0c0e75ff96d2266bf44ca8b28988935f7484b851c9cd19ef7b8cac5b85a
                    • Opcode Fuzzy Hash: bee871e7e6a7b878a4d17c40cbb94758c5132a5dca7b0b34721e841a58542267
                    • Instruction Fuzzy Hash: 5D113772A02219ABEB01CF69CC94B8F7BE8FB45790F20C519F919DB245D770EE518B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,FC41B76C,?,?), ref: 1000F54B
                    • CloseHandle.KERNEL32(00000000,?,?,?,?,FC41B76C,?,?), ref: 1000F552
                      • Part of subcall function 10012EB4: _malloc.LIBCMT ref: 10012ECE
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: CloseHandleObjectSingleWait_malloc
                    • String ID:
                    • API String ID: 1449608963-0
                    • Opcode ID: effc6ef73440eac3666f2d3528ed7292bb58453fb004a732e1333eafb720efbc
                    • Instruction ID: 5cc6d64b82452f1b014ddfccb26594927a3062f4146f4d8f46b8f7eeb8c04cd2
                    • Opcode Fuzzy Hash: effc6ef73440eac3666f2d3528ed7292bb58453fb004a732e1333eafb720efbc
                    • Instruction Fuzzy Hash: C611E671A04614AFEB10DF74CC05BAE77B4FB08710F104269FA15AB2C0DB746A00CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • HeapCreate.KERNEL32 ref: 1000EC2A
                    • _free.LIBCMT ref: 1000EC69
                      • Part of subcall function 100013B0: __CxxThrowException@8.LIBCMT ref: 100013C2
                      • Part of subcall function 100013B0: DeleteCriticalSection.KERNEL32(?,00001000,1002BF50,?,1000EC40,80004005), ref: 100013D1
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: CreateCriticalDeleteException@8HeapSectionThrow_free
                    • String ID:
                    • API String ID: 1116298128-0
                    • Opcode ID: ae2091885c7c10fb16c21935d1e5acaa41dce8b55917e6928991df43a9e57ebf
                    • Instruction ID: 6cff2636182d58fa8cf76a226639d88bde9e15f7dd6b88bed54d41963b3b8b92
                    • Opcode Fuzzy Hash: ae2091885c7c10fb16c21935d1e5acaa41dce8b55917e6928991df43a9e57ebf
                    • Instruction Fuzzy Hash: 140192B4A00B449FD320CF2AC845A47FBF8FF95750B108A1EEADA87B10D771A505CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID: f
                    • API String ID: 3472027048-1993550816
                    • Opcode ID: 22bb522ae61cdd8b675ffae29db0c7e7d98555ec4c2b0d123f4e1f2340e30299
                    • Instruction ID: d80ebf32503fab887925df3d17edc8d8d1eb3c84870718284b8f8525f89c92a8
                    • Opcode Fuzzy Hash: 22bb522ae61cdd8b675ffae29db0c7e7d98555ec4c2b0d123f4e1f2340e30299
                    • Instruction Fuzzy Hash: A5F09031640219ABE301CB55C8D4BABF3ACFB54395F108128D50547190C3766E9AC7E1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 10013581
                      • Part of subcall function 1001A625: __getptd_noexit.LIBCMT ref: 1001A628
                      • Part of subcall function 1001A625: __amsg_exit.LIBCMT ref: 1001A635
                      • Part of subcall function 10013556: __getptd_noexit.LIBCMT ref: 1001355B
                      • Part of subcall function 10013556: __freeptd.LIBCMT ref: 10013565
                      • Part of subcall function 10013556: ExitThread.KERNEL32 ref: 1001356E
                    • __XcptFilter.LIBCMT ref: 100135A2
                      • Part of subcall function 1001BF20: __getptd_noexit.LIBCMT ref: 1001BF26
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                    • String ID:
                    • API String ID: 418257734-0
                    • Opcode ID: 74a71a6e09d76ef0ece3893c939b2691bcefcb2d2ba80687b96811701af41861
                    • Instruction ID: 53eea7b6b85eae10101572ee25e33344d825cf0643742fc2bcd254a346ac487d
                    • Opcode Fuzzy Hash: 74a71a6e09d76ef0ece3893c939b2691bcefcb2d2ba80687b96811701af41861
                    • Instruction Fuzzy Hash: 1FE0B6B99046049FE718DBA0D906F6D7766EF08215F200099F1026B2A2CA35E9809A24
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCloseKey.ADVAPI32(1000E1E3,1001041F,?,?,FC41B76C,1000E1E3,?,00000000), ref: 1001044E
                    • RegCloseKey.ADVAPI32(00000000,?,?,FC41B76C,1000E1E3,?,00000000), ref: 10010457
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Close
                    • String ID:
                    • API String ID: 3535843008-0
                    • Opcode ID: b2734a3b824f0b8796673985be66f8e19b6ccb78559704ba3252722a1883c251
                    • Instruction ID: 73dfc05d3e3cb72c64603be9dac78fbaea7a0667736dde0406738dabd4f4a605
                    • Opcode Fuzzy Hash: b2734a3b824f0b8796673985be66f8e19b6ccb78559704ba3252722a1883c251
                    • Instruction Fuzzy Hash: 20C04C72D1013897CB50E754DC8894977786B48210F1541C5A508A3124C7346E868F90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 10001300: _memmove.LIBCMT ref: 10001331
                    • timeGetTime.WINMM ref: 100034F7
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Time_memmovetime
                    • String ID:
                    • API String ID: 1463837790-0
                    • Opcode ID: 6dde9df8692ce71aa8f0fcf10fbbe9657ae9ea4bd489b4d6237a2baa7fa715b9
                    • Instruction ID: e702fa2c559bf4c21d59e2adc7ba059844bbbca0d1935593a722be6a2dede5fe
                    • Opcode Fuzzy Hash: 6dde9df8692ce71aa8f0fcf10fbbe9657ae9ea4bd489b4d6237a2baa7fa715b9
                    • Instruction Fuzzy Hash: C73126767041406BFB06DF64D8D1BBE739AEB8A3D0F048159F506CF389CA61BD4287A5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Timetime
                    • String ID:
                    • API String ID: 17336451-0
                    • Opcode ID: b030a2d336b42ce030b88dd64f5e9a5db792d7af769a32cd1fd47e80376a46cf
                    • Instruction ID: c16ce4185db268b17830e55df0503b1c278d5ebcf08c056d2a2d6fc9bd91ee40
                    • Opcode Fuzzy Hash: b030a2d336b42ce030b88dd64f5e9a5db792d7af769a32cd1fd47e80376a46cf
                    • Instruction Fuzzy Hash: BD21C1757041405BFB06CB64C8D1BBE73AAEB85280F148198F5428F399CA25BE828796
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID:
                    • API String ID: 4104443479-0
                    • Opcode ID: c7a317a3493e42c306a9ccb4b74389a300a15c719fb82b4753da8f49d43d5982
                    • Instruction ID: adf0c0161ec857f612d67f0e7da70e55d4c1ec2c3ff9db7563af9d076db1c77a
                    • Opcode Fuzzy Hash: c7a317a3493e42c306a9ccb4b74389a300a15c719fb82b4753da8f49d43d5982
                    • Instruction Fuzzy Hash: 23212E7270520A9FE714CE1DDCC199BB3E9EF44254B10856EFC4AC3645DB71ED51C690
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 871c8276cdba66467a8013178945f283ff27ae47d69f749043262b08f931714b
                    • Instruction ID: 952570c018fea65bde20a4e8527476284c65d7363ed2bd4f5ca6ff2fbd031f32
                    • Opcode Fuzzy Hash: 871c8276cdba66467a8013178945f283ff27ae47d69f749043262b08f931714b
                    • Instruction Fuzzy Hash: D80180773045024F6718D5BFE8449AFB3DADBD46E1301843EE65AC3608EA30E8608290
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetEvent.KERNEL32(?), ref: 100104C5
                      • Part of subcall function 10010130: OpenDesktopA.USER32(?,00000000,00000000,000001FF), ref: 1001017B
                      • Part of subcall function 10010130: CloseDesktop.USER32(00000000,?), ref: 1001019D
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Desktop$CloseEventOpen
                    • String ID:
                    • API String ID: 1155787062-0
                    • Opcode ID: ed183a2b1e970fc3536fcd6870562946a637c7c32ccaf2975f24c975b12d09f3
                    • Instruction ID: dd98a18ab000c5b8f7010fd3ced66ea637c3f61d941a19e350352a9a70218319
                    • Opcode Fuzzy Hash: ed183a2b1e970fc3536fcd6870562946a637c7c32ccaf2975f24c975b12d09f3
                    • Instruction Fuzzy Hash: 5DE0467B7002146FC200DB99E884E86B3ECEF99661B098062F608DB222C270F8008BA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WSAStartup.WS2_32(00000202), ref: 10026D7E
                    Memory Dump Source
                    • Source File: 00000002.00000002.4477276035.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                    • Associated: 00000002.00000002.4477259161.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477307987.0000000010027000.00000002.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477327762.000000001002F000.00000004.00001000.00020000.00000000.sdmp
                    • Associated: 00000002.00000002.4477345818.0000000010033000.00000002.00001000.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_10000000_msiexec.jbxd
                    Similarity
                    • API ID: Startup
                    • String ID:
                    • API String ID: 724789610-0
                    • Opcode ID: ffa0810309986187aa1627e5ea7b7f1021ba7e47300d25cd05852e91ca3e70b2
                    • Instruction ID: 0958d8a53342f299e18851c5d444c39124e624f506e8683d554184c42bf80e0a
                    • Opcode Fuzzy Hash: ffa0810309986187aa1627e5ea7b7f1021ba7e47300d25cd05852e91ca3e70b2
                    • Instruction Fuzzy Hash: 8EE0263491120CFBDB00EFA4CC4754EB7E8EB09200F604168F9099B212EF31BA048786
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,00000000,00000000,00000000,?,028A04FC,?,?,00000000,?,?,?), ref: 028A0121
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
                    • Instruction ID: 036f24da2df8489f4da2ae65f87025cbfa0d08ae286c83eafbab9aeea8d828ce
                    • Opcode Fuzzy Hash: b31f9707cb75a64353f4c7ab76afdd0e3ed18b89a7f94c3e54c93e4b215f14f0
                    • Instruction Fuzzy Hash: 0E2137B9600201AFE314CF18DC85B5AF3E9FF88305F14882DE989C7241DBB1E895CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetVersionExW.KERNEL32(?), ref: 00216434
                    • GetCurrentProcess.KERNEL32(0000001A,?,00000004,00000000), ref: 00216456
                    • NtQueryInformationProcess.NTDLL ref: 0021645D
                    • GetCommandLineW.KERNEL32 ref: 0021649F
                    • GetStdHandle.KERNEL32(000000F5), ref: 002164F3
                    • GetFileType.KERNEL32(00000000), ref: 00216504
                    • memset.MSVCRT ref: 0021652B
                    • memset.MSVCRT ref: 0021653D
                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0021661D
                    • RegCloseKey.ADVAPI32(?,?), ref: 00216649
                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00216672
                    • RegCloseKey.ADVAPI32(?), ref: 0021667E
                    • CompareStringW.KERNEL32(00000409,?,00000002,?,00211994,000000FF), ref: 002168CA
                    • CompareStringW.KERNEL32(00000409,00000001,00000002,?,package,?), ref: 002168F9
                    • CompareStringW.KERNEL32(00000409,00000001,00000002,?,002117F0,000000FF), ref: 002169BB
                    • memset.MSVCRT ref: 00216B2C
                    • GlobalFree.KERNEL32(?), ref: 00216BA4
                    • lstrlenW.KERNEL32(?,00000063,?), ref: 00216C69
                    • GlobalFree.KERNEL32(00000000), ref: 00216F6C
                    • CoInitialize.OLE32(00000000), ref: 002170D8
                    • CoRegisterClassObject.OLE32(002125E0,0021B064,00000004,00000001,0021C6AC), ref: 0021710F
                    • GetCurrentThread.KERNEL32 ref: 00217225
                    • OpenThreadToken.ADVAPI32(00000000), ref: 0021722C
                    • GetLastError.KERNEL32 ref: 0021723F
                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00217CAE
                    • TranslateMessage.USER32(?), ref: 00217CD0
                    • DispatchMessageW.USER32(?), ref: 00217CDE
                    Strings
                    • REBOOT=Force, xrefs: 0021681D
                    • ServerMain (CA): Error: Format SD, xrefs: 002175AC
                    • ServerMain (CA): Create Custom Action Server failed., xrefs: 002176CD
                    • ServerMain (CA): Connect to remote object failed., xrefs: 002177F8
                    • OLEAUT32.dll, xrefs: 002170DE
                    • PATCH=, xrefs: 00216710
                    • update, xrefs: 00216705
                    • /l*, xrefs: 00216859
                    • OpenProcessToken failed with %d, xrefs: 002173F1
                    • ServerMain (CA): Process not registered with service., xrefs: 00217788
                    • forcerestart, xrefs: 00216812
                    • q, xrefs: 00216AFA
                    • ServerMain (CA): Could not open synchronization handle., xrefs: 002177BB, 00217ABF
                    • quiet, xrefs: 002167B8
                    • log, xrefs: 0021684E
                    • ServerMain (CA): Error: Access to SD, xrefs: 002174C5
                    • /qn, xrefs: 002167C3
                    • package, xrefs: 00216767, 00216795, 002168E8
                    • ServerMain (CA): Connection to Service failed., xrefs: 0021769B
                    • help, xrefs: 0021679A
                    • MSIPATCHREMOVE=, xrefs: 00216774
                    • ServerMain (CA): Wait on synchronization event failed, xrefs: 002172E1
                    • REBOOTPROMPT="", xrefs: 0021683B
                    • uninstall, xrefs: 00216715
                    • ServerMain (CA): Error: Watch for change-of-owning-process signal, xrefs: 0021764A
                    • promptrestart, xrefs: 00216830
                    • ServerMain (CA): CoInitializeSecurity failed, xrefs: 002175F7
                    • ServerMain (CA): Wrong command line, xrefs: 002171D0
                    • Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries, xrefs: 002165D9
                    • REBOOT=ReallySuppress, xrefs: 002167FF
                    • RUVEH?IJDqXFAtPYZlgmnc, xrefs: 00216BDC, 00216DB3, 00216FDC
                    • passive, xrefs: 002167D6
                    • /qb!- REBOOTPROMPT=S, xrefs: 002167E1
                    • ServerMain (CA): Parsing command line failed, xrefs: 002171E1
                    • ServerMain (CA): Open synchronization event failed, xrefs: 00217C8E
                    • ServerMain (CA): Access to token failed, xrefs: 00217250
                    • ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type, xrefs: 00217460
                    • ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type, xrefs: 0021742F
                    • ServerMain (CA): Error: Watch for the shutdown signal, xrefs: 00217621
                    • norestart, xrefs: 002167F4
                    • ServerMain (CA): Impersonation token not saved., xrefs: 002178DD
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: CompareMessageQueryStringmemset$CloseCurrentFreeGlobalProcessThreadValue$ClassCommandDispatchErrorFileHandleInformationInitializeLastLineObjectOpenRegisterTokenTranslateTypeVersionlstrlen
                    • String ID: /l*$/qb!- REBOOTPROMPT=S$/qn$MSIPATCHREMOVE=$OLEAUT32.dll$OpenProcessToken failed with %d$PATCH=$REBOOT=Force$REBOOT=ReallySuppress$REBOOTPROMPT=""$RUVEH?IJDqXFAtPYZlgmnc$ServerMain (CA): Access to token failed$ServerMain (CA): CoInitializeSecurity failed$ServerMain (CA): Connect to remote object failed.$ServerMain (CA): Connection to Service failed.$ServerMain (CA): Could not open synchronization handle.$ServerMain (CA): Create Custom Action Server failed.$ServerMain (CA): Error: Access to SD$ServerMain (CA): Error: Format SD$ServerMain (CA): Error: Watch for change-of-owning-process signal$ServerMain (CA): Error: Watch for the shutdown signal$ServerMain (CA): Error: icacContext in CA server should be AISImpersonated but is not any impersonated type$ServerMain (CA): Error: icacContext in CA server should be EEUI but is not any impersonated type$ServerMain (CA): Impersonation token not saved.$ServerMain (CA): Open synchronization event failed$ServerMain (CA): Parsing command line failed$ServerMain (CA): Process not registered with service.$ServerMain (CA): Wait on synchronization event failed$ServerMain (CA): Wrong command line$Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries$forcerestart$help$log$norestart$package$passive$promptrestart$q$quiet$uninstall$update
                    • API String ID: 1475639937-2370891382
                    • Opcode ID: 8eea4515ca921d1f69713e7b2b83588e910bc454e29cb67c5ff5d4673f047e24
                    • Instruction ID: d7077e7cf47b0da592eaa63457287631641f4399c5943ee1d750c446c6dbcaf4
                    • Opcode Fuzzy Hash: 8eea4515ca921d1f69713e7b2b83588e910bc454e29cb67c5ff5d4673f047e24
                    • Instruction Fuzzy Hash: 2CE2CE71528342DFD7209F24D848BEEB7E5FBE8314F10892EF58997290DB7089A5CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • FreeSid.ADVAPI32(?), ref: 00213256
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213274
                    • FreeSid.ADVAPI32(?), ref: 00213292
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002132B0
                    • FreeSid.ADVAPI32(?), ref: 002132CE
                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002132F0
                    • FreeSid.ADVAPI32(?), ref: 0021330E
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000013,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0021332C
                    • FreeSid.ADVAPI32(?), ref: 0021334A
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000014,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213368
                    • FreeSid.ADVAPI32(?), ref: 002133CF
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002133EC
                    • FreeSid.ADVAPI32(?), ref: 0021340A
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213428
                    • FreeSid.ADVAPI32(?), ref: 00213446
                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213468
                    • FreeSid.ADVAPI32(?), ref: 002134A2
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002134C0
                    • FreeSid.ADVAPI32(?), ref: 002134DE
                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213500
                    • FreeSid.ADVAPI32(?), ref: 00213548
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213566
                    • FreeSid.ADVAPI32(?), ref: 00213584
                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002135A6
                    • FreeSid.ADVAPI32(?), ref: 002135C4
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002135E2
                    • FreeSid.ADVAPI32(?), ref: 00213628
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213646
                    • FreeSid.ADVAPI32(?), ref: 00213664
                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213686
                    • FreeSid.ADVAPI32(?), ref: 002136AE
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002136CC
                    • FreeSid.ADVAPI32(?), ref: 002136EA
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213707
                    • FreeSid.ADVAPI32(?), ref: 00213725
                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00213747
                    • GetLengthSid.ADVAPI32(?), ref: 002137A0
                    • memset.MSVCRT ref: 002137C5
                    • GlobalAlloc.KERNEL32(00000000,?), ref: 002137E8
                    • InitializeAcl.ADVAPI32(?,?,00000002), ref: 00213816
                    • AddAccessAllowedAce.ADVAPI32(?,00000002,?,?), ref: 00213842
                    • GetAce.ADVAPI32(?,?,?), ref: 0021385D
                    • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 00213887
                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0021389D
                    • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 002138AE
                    • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 002138C7
                    • GetSecurityDescriptorLength.ADVAPI32(?), ref: 002138D6
                    • MakeSelfRelativeSD.ADVAPI32(?,?,?), ref: 002138F3
                    • GetLastError.KERNEL32 ref: 002138FD
                    • GlobalFree.KERNEL32(?), ref: 00213918
                    • GetLastError.KERNEL32 ref: 00213920
                    • FreeSid.ADVAPI32(?), ref: 0021393D
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: FreeInitialize$Allocate$DescriptorSecurity$ErrorGlobalLastLength$AccessAllocAllowedDaclGroupMakeOwnerRelativeSelfmemset
                    • String ID:
                    • API String ID: 3802846876-0
                    • Opcode ID: 07a6bd6b5e4dc7ca1bb0a128dc463a76bf6e3c8725647044c7c6baaa26fba625
                    • Instruction ID: 412c9b4a9208804efc6b98bf0a958d42cc86745afc4102558bb233b81c3c94eb
                    • Opcode Fuzzy Hash: 07a6bd6b5e4dc7ca1bb0a128dc463a76bf6e3c8725647044c7c6baaa26fba625
                    • Instruction Fuzzy Hash: 4B120871518346AFDB20DF60DC8CBEBB7E9FB98741F10882DB584C2190DB719A95CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetLastError.KERNEL32(00000020,00000000,00000000), ref: 00215A12
                    • RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 00215A8A
                    • RegCloseKey.ADVAPI32(?), ref: 00215AAA
                    • GlobalFree.KERNEL32(?), ref: 00215ABF
                    • RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00215B14
                    • RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 00215B35
                    • lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 00215B3C
                    • RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 00215B59
                    • RegCloseKey.ADVAPI32(?), ref: 00215B65
                    • memset.MSVCRT ref: 00215B84
                    • OutputDebugStringW.KERNEL32(?), ref: 00215BD4
                    • SetLastError.KERNEL32(00000000), ref: 00215BDB
                      • Part of subcall function 00212F5E: RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZ!,?,00215A48,?,?,?), ref: 00212F8B
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Value$CloseErrorLast$CreateDebugFreeGlobalOpenOutputQueryStringlstrlenmemset
                    • String ID: %s$($Debug$Error: %d. %s.$LastError$LastErrorMessage$P$ServerMain (CA): Open synchronization event failed$Software\Microsoft\Windows\CurrentVersion\Installer\CA$Software\Policies\Microsoft\Windows\Installer
                    • API String ID: 3407900974-1723650419
                    • Opcode ID: 3314e2bf0665d6b08b507d44094be61d573721ac4e9e55b1e5845c8ce93f7248
                    • Instruction ID: 54221ccfdcacdc62174a316c436d672e3156fcce51091fa234c3bcc0b42db1a6
                    • Opcode Fuzzy Hash: 3314e2bf0665d6b08b507d44094be61d573721ac4e9e55b1e5845c8ce93f7248
                    • Instruction Fuzzy Hash: E5515D7191022CEADB209F51EC89BEA77F8FB68344F0181E5E549A2150DE728EE5CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___getlocaleinfo.LIBCMT ref: 028B7EA9
                      • Part of subcall function 028BD969: ___crtGetLocaleInfoA.LIBCMT ref: 028BD9B3
                      • Part of subcall function 028BD969: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 028BD9C1
                      • Part of subcall function 028BD969: ___crtGetLocaleInfoA.LIBCMT ref: 028BD9DA
                      • Part of subcall function 028BD969: __calloc_crt.LIBCMT ref: 028BD9EF
                      • Part of subcall function 028BD969: ___crtGetLocaleInfoA.LIBCMT ref: 028BDA15
                      • Part of subcall function 028BD969: __calloc_crt.LIBCMT ref: 028BDA26
                      • Part of subcall function 028BD969: _free.LIBCMT ref: 028BDA3E
                    • __malloc_crt.LIBCMT ref: 028B7EBB
                    • __calloc_crt.LIBCMT ref: 028B7ECB
                    • __calloc_crt.LIBCMT ref: 028B7ED6
                    • __calloc_crt.LIBCMT ref: 028B7EE1
                    • __calloc_crt.LIBCMT ref: 028B7EF0
                    • GetCPInfo.KERNEL32(?,?), ref: 028B7F43
                    • ___crtGetStringTypeA.LIBCMT ref: 028B7FB1
                    • ___crtLCMapStringA.LIBCMT ref: 028B7FE4
                    • ___crtLCMapStringA.LIBCMT ref: 028B8011
                      • Part of subcall function 028B845A: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 028B8468
                      • Part of subcall function 028B845A: __crtLCMapStringA_stat.LIBCMT ref: 028B8489
                    • InterlockedDecrement.KERNEL32(?), ref: 028B80F0
                    • _free.LIBCMT ref: 028B8106
                    • _free.LIBCMT ref: 028B8119
                    • _free.LIBCMT ref: 028B8127
                    • _free.LIBCMT ref: 028B8132
                    • _free.LIBCMT ref: 028B8179
                    • _free.LIBCMT ref: 028B8186
                    • _free.LIBCMT ref: 028B818E
                    • _free.LIBCMT ref: 028B8196
                    • _free.LIBCMT ref: 028B819E
                    • InterlockedDecrement.KERNEL32(?), ref: 028B81B6
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: _free$___crt__calloc_crt$Locale$InfoString$DecrementInterlocked$A_statErrorLastTypeUpdateUpdate::____getlocaleinfo__crt__malloc_crt
                    • String ID:
                    • API String ID: 640359803-0
                    • Opcode ID: 0342bf45c1e72bd3f7c087441fe7b87e90c6b595453205f0bbe91f0408403c9b
                    • Instruction ID: 1979dcde1b6a7c02421a8775ce225b168170bb86ad8bd22f1f7a26225a5f5e0a
                    • Opcode Fuzzy Hash: 0342bf45c1e72bd3f7c087441fe7b87e90c6b595453205f0bbe91f0408403c9b
                    • Instruction Fuzzy Hash: 63B16A79D01209AFDB22DFA8C895BEEBBB9BF08304F18412DE449E7341D735A845CB21
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _memset.LIBCMT ref: 028A7388
                    • _memset.LIBCMT ref: 028A741B
                    • GetNativeSystemInfo.KERNEL32(?), ref: 028A744F
                    • GetSystemWow64DirectoryA.KERNEL32(?,00000104), ref: 028A7474
                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 028A7488
                    • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 028A74D3
                    • swprintf.LIBCMT ref: 028A74F1
                    • CopyFileA.KERNEL32(?,?,00000000), ref: 028A7508
                      • Part of subcall function 028B4AB8: _malloc.LIBCMT ref: 028B4AD2
                    • SuspendThread.KERNEL32(?), ref: 028A756D
                    • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 028A7590
                    • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 028A75BA
                    • QueueUserAPC.KERNEL32(00000000,?,00000000), ref: 028A75D4
                    • ResumeThread.KERNEL32(?), ref: 028A75E1
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: System$DirectoryThread_memset$AllocCopyFileFolderInfoMemoryNativePathProcessQueueResumeSuspendUserVirtualWow64Write_mallocswprintf
                    • String ID: D$\msiexec.exe
                    • API String ID: 477358041-2685333904
                    • Opcode ID: 3ca8eea134f9c1ba044dfa25fbb249b40dbf8b0ed795f6cb11e04231520831b3
                    • Instruction ID: 018563528e342166c21af2bf24b6b3182225a90fe2011b6d1219ffc03c3fdee6
                    • Opcode Fuzzy Hash: 3ca8eea134f9c1ba044dfa25fbb249b40dbf8b0ed795f6cb11e04231520831b3
                    • Instruction Fuzzy Hash: CC712FB5901228AFEB15DB688CD5EEAB7BDFB48300F504199F60D93241DB705E85CF61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • memset.MSVCRT ref: 00215CAD
                    • GetACP.KERNEL32(00000641,?,00000000), ref: 00215CE3
                    • LoadLibraryW.KERNEL32(KERNEL32), ref: 00215CF0
                    • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00215D02
                    • GetLocaleInfoW.KERNEL32(?,20001004,?,0000000A), ref: 00215D38
                    • FreeLibrary.KERNEL32(00000000), ref: 00215D46
                    • FormatMessageW.KERNEL32(00001000,00000000,00000641,?,?,00000401,00000000), ref: 00215D6C
                    • memset.MSVCRT ref: 00215DEE
                    • GetVersionExW.KERNEL32(0000011C), ref: 00215E07
                      • Part of subcall function 00212E35: _vsnwprintf.MSVCRT ref: 00212E67
                    • lstrlenW.KERNEL32(?), ref: 00215E96
                    • WriteFile.KERNEL32(?,00000000,?,00000000), ref: 00215EB4
                    • WriteFile.KERNEL32(00212638,00000004,?,00000000), ref: 00215ECF
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: FileLibraryWritememset$AddressFormatFreeInfoLoadLocaleMessageProcVersion_vsnwprintflstrlen
                    • String ID: GetUserDefaultUILanguage$Install error %i$KERNEL32
                    • API String ID: 2411759445-2065445882
                    • Opcode ID: 69ef4e92a2fadb48974140076f728bdb1c28a1a38c0856c4fa42ad420dff427a
                    • Instruction ID: 082e4689b0ea923e86f7155dcaed2b397dfd77a1241dfce9db3e679ddf7f369f
                    • Opcode Fuzzy Hash: 69ef4e92a2fadb48974140076f728bdb1c28a1a38c0856c4fa42ad420dff427a
                    • Instruction Fuzzy Hash: 3A51B471910229EBEB209F60EC49EFB77ECEB68350F1441A5F509E2091DF718E948F60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: __calloc_crt$String___crt$DecrementInterlocked$InfoType___getlocaleinfo__malloc_crt_free
                    • String ID:
                    • API String ID: 3586313819-0
                    • Opcode ID: 854056f3d148af244be448574be6bf7e344e7ca825e34d1f49bf5974a63fde05
                    • Instruction ID: b0dda1b03b33300f69a86e61095f3a560e262f34b59007c5d49005b994e2a0c1
                    • Opcode Fuzzy Hash: 854056f3d148af244be448574be6bf7e344e7ca825e34d1f49bf5974a63fde05
                    • Instruction Fuzzy Hash: ACB18CB9D00205AFDB26CFA8C895AEEBBB9FF49304F08406DE449E7341E7359845CB21
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThread.KERNEL32 ref: 00212FC1
                    • OpenThreadToken.ADVAPI32(00000000), ref: 00212FC8
                    • GetLastError.KERNEL32 ref: 00212FD2
                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 00212FE9
                    • OpenProcessToken.ADVAPI32(00000000), ref: 00212FF0
                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0021300F
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000030,?,?), ref: 0021303B
                    • CloseHandle.KERNEL32(?), ref: 00213044
                    • GetLastError.KERNEL32 ref: 0021304A
                    • CloseHandle.KERNEL32(?), ref: 00213068
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Token$CloseCurrentErrorHandleLastOpenProcessThread$AdjustLookupPrivilegePrivilegesValue
                    • String ID:
                    • API String ID: 268630328-0
                    • Opcode ID: 8df3e966e9c47a17716a9e3b00b31fbc87465a1949ce12edaf3ae7e9175100ac
                    • Instruction ID: 563b76cd36f080ae667b21d76259fc866a908f453822afd47dcab9033b227909
                    • Opcode Fuzzy Hash: 8df3e966e9c47a17716a9e3b00b31fbc87465a1949ce12edaf3ae7e9175100ac
                    • Instruction Fuzzy Hash: 2A215A71A10209EFDB10DFA5ED49BDEBBF9EF28700F108025F606E6160DB71DA528B60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 00213133
                    • GetLastError.KERNEL32(?,?), ref: 0021313D
                    • GetLengthSid.ADVAPI32(?,?,?), ref: 00213148
                    • FreeSid.ADVAPI32(00000000), ref: 0021315E
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AllocateErrorFreeInitializeLastLength
                    • String ID:
                    • API String ID: 1611457584-0
                    • Opcode ID: a0babbddf0fb46cab81ef5d93236c9dbb3cc1a58083ea201dfa15ac92d8521da
                    • Instruction ID: 6f97639365659316638d74e75edd1c4041cc4e0fdd73f9009995b7f886386f9b
                    • Opcode Fuzzy Hash: a0babbddf0fb46cab81ef5d93236c9dbb3cc1a58083ea201dfa15ac92d8521da
                    • Instruction Fuzzy Hash: EE113670924219FFDB11DFA4EC4D7FEBBB5FB28304F108469E415921A0DB714994CB41
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 00217DF2
                    • GetLastError.KERNEL32 ref: 00217DFC
                      • Part of subcall function 002159F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 00215A12
                      • Part of subcall function 002159F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 00215A8A
                      • Part of subcall function 002159F2: RegCloseKey.ADVAPI32(?), ref: 00215AAA
                      • Part of subcall function 002159F2: GlobalFree.KERNEL32(?), ref: 00215ABF
                      • Part of subcall function 002159F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00215B14
                      • Part of subcall function 002159F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 00215B35
                      • Part of subcall function 002159F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 00215B3C
                      • Part of subcall function 002159F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 00215B59
                      • Part of subcall function 002159F2: RegCloseKey.ADVAPI32(?), ref: 00215B65
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Value$CloseErrorLast$CreateCtrlDispatcherFreeGlobalQueryServiceStartlstrlen
                    • String ID: MSIServer$StartServiceCtrlDispatcher failed.
                    • API String ID: 2998827721-520530687
                    • Opcode ID: 3fd5aec6a7e986f54d8cd70d50aaab42b7f640d881a624a7278512157ed4430d
                    • Instruction ID: 9797e2abe92ab325e16a0828f5e57b9bd691c206b47f97094092cf8c49f44e4a
                    • Opcode Fuzzy Hash: 3fd5aec6a7e986f54d8cd70d50aaab42b7f640d881a624a7278512157ed4430d
                    • Instruction Fuzzy Hash: 99E0D831E30108DBDF00EBA4D80D7EE7BF9EBB4309F1084A49515E2140DFB0C9658B91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00219726,00211000), ref: 002195F7
                    • UnhandledExceptionFilter.KERNEL32(00219726,?,00219726,00211000), ref: 00219600
                    • GetCurrentProcess.KERNEL32(C0000409,?,00219726,00211000), ref: 0021960B
                    • TerminateProcess.KERNEL32(00000000,?,00219726,00211000), ref: 00219612
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                    • String ID:
                    • API String ID: 3231755760-0
                    • Opcode ID: 9af27652072029157ec5f4debb4be9a21fb3fa9d71ad306ce5e5a496f58dca3e
                    • Instruction ID: df3ef2fd4d9b9c50a891606cb9b8983c279487265231cc33bb3bb4eed65eda61
                    • Opcode Fuzzy Hash: 9af27652072029157ec5f4debb4be9a21fb3fa9d71ad306ce5e5a496f58dca3e
                    • Instruction Fuzzy Hash: 91D0CA32080208FBCB002BE1FC0DAC93F28EBA9312F00C010FB0E82120CE398842CBA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00213C24: EnterCriticalSection.KERNEL32(0021C838,?,?,?,00213C1E,00000000,00000000), ref: 00213C31
                      • Part of subcall function 00213C24: LeaveCriticalSection.KERNEL32(0021C838,?,?,?,00213C1E,00000000,00000000), ref: 00213CDF
                    • RegOpenKeyExW.ADVAPI32(80000000,CLSID,00000000,00020019,?,00000002,00000000,00007530), ref: 00217EFB
                    • RegCloseKey.ADVAPI32(?), ref: 00217F0B
                      • Part of subcall function 00218745: GlobalAlloc.KERNEL32(00000000,?,00000000,?,00217F98,00000200), ref: 0021875F
                      • Part of subcall function 00218745: memset.MSVCRT ref: 00218778
                    • CoUninitialize.OLE32 ref: 00217F5B
                    • MakeAbsoluteSD.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000200), ref: 00218058
                    • CoUninitialize.OLE32 ref: 00218066
                    • GetLastError.KERNEL32 ref: 0021806C
                    • GetLastError.KERNEL32(00000000), ref: 002180AC
                    • CoUninitialize.OLE32(00000002,00000000,00007530), ref: 002180C2
                    • InitializeCriticalSection.KERNEL32(0021C488,00000002,00000000,00007530), ref: 002181D2
                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 002181F5
                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00218204
                    • GetLastError.KERNEL32 ref: 00218246
                    • GetLastError.KERNEL32 ref: 00218276
                    • CoRegisterClassObject.OLE32(002125E0,?,00000015,00000001,?,00000002,00000000,00007530), ref: 002182C0
                    • MsgWaitForMultipleObjects.USER32(00000003,?,00000000,000000FF,00001CFF), ref: 00218343
                    • TranslateMessage.USER32(?), ref: 00218375
                    • DispatchMessageW.USER32(?), ref: 00218382
                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00218394
                    • GetLastError.KERNEL32 ref: 002183C6
                    • GetLastError.KERNEL32 ref: 002183CC
                    • GetLastError.KERNEL32(00000000), ref: 0021841B
                    • EnterCriticalSection.KERNEL32(0021C488,00000001,00000000), ref: 0021843C
                    • CloseHandle.KERNEL32 ref: 00218448
                    • LeaveCriticalSection.KERNEL32(0021C488), ref: 00218459
                    • EnterCriticalSection.KERNEL32(0021C488,00000001,00000000), ref: 0021846C
                    • CloseHandle.KERNEL32 ref: 00218478
                    • LeaveCriticalSection.KERNEL32(0021C488), ref: 00218489
                    • EnterCriticalSection.KERNEL32(0021C488,00000001,00000000), ref: 0021849C
                    • CloseHandle.KERNEL32 ref: 002184A8
                    • LeaveCriticalSection.KERNEL32(0021C488), ref: 002184B9
                    • CoUninitialize.OLE32(00000001,00000000), ref: 002184C3
                    • DeleteCriticalSection.KERNEL32(0021C488,00000001,00000000), ref: 002184E0
                    • CoUninitialize.OLE32(?,?,?,?,00000200), ref: 002184EC
                    • GlobalFree.KERNEL32(?), ref: 0021850D
                    • GlobalFree.KERNEL32(?), ref: 00218526
                    • GlobalFree.KERNEL32(?), ref: 0021853F
                    • GlobalFree.KERNEL32(?), ref: 00218558
                    • GlobalFree.KERNEL32(?), ref: 00218571
                    Strings
                    • CoCreateInstance of CLSID_GlobalOptions failed., xrefs: 00218105
                    • ServiceThreadMain: SetWaitableTimer failed., xrefs: 0021827C
                    • Wait Failed in MsgWait., xrefs: 002183D4
                    • ServiceThreadMain: CreateEvent failed., xrefs: 0021840D
                    • CLSID, xrefs: 00217EF1
                    • ServiceThreadMain: Class registration failed, xrefs: 00218400
                    • ServiceThreadMain: CreateWaitableTimer failed., xrefs: 0021824C
                    • ServiceThreadMain: CoInitializeSecurity failed, xrefs: 002180A0
                    • ServiceThreadMain: CreateSD for CreateWaitableTimer failed., xrefs: 002181B1
                    • Set of COMGLB_UNMARSHALING_POLICY failed., xrefs: 00218163
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: CriticalSection$ErrorLast$Global$FreeUninitialize$CloseEnterLeave$HandleMessage$CreateEvent$AbsoluteAllocClassDeleteDispatchInitializeMakeMultipleObjectObjectsOpenPeekRegisterTranslateWaitmemset
                    • String ID: CLSID$CoCreateInstance of CLSID_GlobalOptions failed.$ServiceThreadMain: Class registration failed$ServiceThreadMain: CoInitializeSecurity failed$ServiceThreadMain: CreateEvent failed.$ServiceThreadMain: CreateSD for CreateWaitableTimer failed.$ServiceThreadMain: CreateWaitableTimer failed.$ServiceThreadMain: SetWaitableTimer failed.$Set of COMGLB_UNMARSHALING_POLICY failed.$Wait Failed in MsgWait.
                    • API String ID: 535215923-1806920385
                    • Opcode ID: f0ec1701548908c6ff78b3a46b66576273d984da49ce96df55bb650436771c07
                    • Instruction ID: 379109d250eeb94fa6efc354df3655911d864273707d2c47cfa866e8aba8b32e
                    • Opcode Fuzzy Hash: f0ec1701548908c6ff78b3a46b66576273d984da49ce96df55bb650436771c07
                    • Instruction Fuzzy Hash: B902D771920229EFEB209F64ACC9EEA77F9EB64704F1081A9F509A2150DF709ED5CF50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ResetEvent.KERNEL32(?), ref: 028A52C0
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 028A52CC
                    • timeGetTime.WINMM ref: 028A52D2
                    • socket.WS2_32(00000002,00000001,00000006), ref: 028A52FF
                    • gethostbyname.WS2_32(?), ref: 028A5323
                    • htons.WS2_32(?), ref: 028A533C
                    • connect.WS2_32(?,?,00000010), ref: 028A535A
                    • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 028A540E
                    • InterlockedExchange.KERNEL32(?,00000001), ref: 028A5417
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: ExchangeInterlocked$EventIoctlResetTimeconnectgethostbynamehtonssockettime
                    • String ID: 0u
                    • API String ID: 3940796591-3203441087
                    • Opcode ID: 44b78ebaed8276bf328f1af2ef39a93ab0047fa231ed9220fb85aab4471c1ac2
                    • Instruction ID: d40a2212001d36f4dbfe421fe35e4e24c3a2dbb15280e9e6925fec328c5c9f54
                    • Opcode Fuzzy Hash: 44b78ebaed8276bf328f1af2ef39a93ab0047fa231ed9220fb85aab4471c1ac2
                    • Instruction Fuzzy Hash: B3515D75A40704ABE720DFA4CC85FAAB7F9FF48700F10461DF64AA76D0D7B0A9098B65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryExW.KERNEL32(ISMIF32.DLL,00000000,00000800,?,00000000), ref: 002157F6
                    • GetProcAddress.KERNEL32(00000000,InstallStatusMIF), ref: 0021580C
                    • GetSystemDefaultLangID.KERNEL32(?,00000000), ref: 0021585C
                    • memset.MSVCRT ref: 0021589D
                    • FormatMessageW.KERNEL32(00001000,00000000,00000000,?,?,00000105,00000000,?,00000000), ref: 002158C5
                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,0021C920,00000100,00000000,00000000,?,00000000), ref: 00215902
                    • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 00215976
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Library$AddressByteCharDefaultFormatFreeLangLoadMessageMultiProcSystemWidememset
                    • String ID: ISMIF32.DLL$InstallStatusMIF$Installer error %i
                    • API String ID: 2186023739-4237920443
                    • Opcode ID: c873ca622f2b0b5a3599e62455a513e158d4457f1ca3a15beee4904f6ca498eb
                    • Instruction ID: 8e65272de25711fbf0d4ce89c7555f8d0967fc8ef5bfa06aaf1e52e1cb12b5ed
                    • Opcode Fuzzy Hash: c873ca622f2b0b5a3599e62455a513e158d4457f1ca3a15beee4904f6ca498eb
                    • Instruction Fuzzy Hash: B241FD706A0329FEE7109F249C8EFFA36D9E775720F2005A5F559E20C0DAF49DE04695
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryW.KERNEL32(kernel32.dll,OLEAUT32.dll,0000005C,?,?,00219046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,002190C6,0000020A,?), ref: 00218F8C
                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00218F9F
                    • GetLastError.KERNEL32(?,00219046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,002190C6,0000020A,?), ref: 00218FAB
                    • FreeLibrary.KERNEL32(00000000,?,00219046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,002190C6,0000020A,?), ref: 00218FE0
                    • SetLastError.KERNEL32(00000000,?,00219046,OLEAUT32.dll,00000000,OLEAUT32.dll,00000000,002190C6,0000020A,?), ref: 00218FE7
                    • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00218FF8
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: ErrorLastLibrary$AddressDirectoryFreeLoadProcSystem
                    • String ID: GetSystemWow64DirectoryW$OLEAUT32.dll$kernel32.dll
                    • API String ID: 1648426049-138662608
                    • Opcode ID: 46060c77dc81542291b6983ef5a017c2f5de82f694d1f2f9dc6be9867c0a9dd2
                    • Instruction ID: 47b041439348a859bec2ae09835c831c99e3a8ec644250e5b809b52bd21a83c0
                    • Opcode Fuzzy Hash: 46060c77dc81542291b6983ef5a017c2f5de82f694d1f2f9dc6be9867c0a9dd2
                    • Instruction Fuzzy Hash: 7901F936264212F7D7126B64BC8CADB7BDBDBB4701F668025F502D2550EEB0CC924650
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • lstrlenW.KERNEL32 ref: 00215475
                      • Part of subcall function 00218665: GlobalAlloc.KERNEL32(00000040,?,00000020,-00000002,00000000,?,002166E9,?,?,?), ref: 00218680
                    • CoInitialize.OLE32(00000000), ref: 002154EB
                    • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 002154FF
                    • SetCurrentDirectoryW.KERNEL32(?,?,00000000,00000008), ref: 00215511
                    • GetLastError.KERNEL32(?,00000000,00000008), ref: 0021551B
                    • SetThreadToken.ADVAPI32(00000000,00000000,?,00000000,00000008), ref: 00215534
                    • GetLastError.KERNEL32(?,00000000,00000008), ref: 0021553E
                    • GetProcAddress.KERNEL32(00000000), ref: 00215559
                    • GetLastError.KERNEL32(?,?,00000000,00000008), ref: 00215565
                    • FreeLibrary.KERNEL32(00000000,?,00000000,00000008), ref: 0021558D
                    • CoUninitialize.OLE32(?,00000000,00000008), ref: 00215593
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: ErrorLast$Library$AddressAllocCurrentDirectoryFreeGlobalInitializeLoadProcThreadTokenUninitializelstrlen
                    • String ID:
                    • API String ID: 1429436423-0
                    • Opcode ID: bef1f9fa237f13dd84736a08afe72f48cedbb76d3723c14ba1d1121cdb29398b
                    • Instruction ID: 777b2557d0d3c1de6741cbe50cb5b4a09a9068daedcbb6352a913d77824627de
                    • Opcode Fuzzy Hash: bef1f9fa237f13dd84736a08afe72f48cedbb76d3723c14ba1d1121cdb29398b
                    • Instruction Fuzzy Hash: D2410432A20936EBC7315F24AC487FE72E6ABF4751F5141A9EC46E7250DE34CC918A90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 028A7E44: CloseHandle.KERNEL32(00000000,00000000,00000128,00000002,00000000), ref: 028A7EB2
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 028B1344
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 028B135E
                    • LookupPrivilegeValueA.ADVAPI32(00000000,10027888,?), ref: 028B137F
                      • Part of subcall function 028B0514: LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 028B0532
                      • Part of subcall function 028B0514: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 028B0572
                    • GetLengthSid.ADVAPI32(?), ref: 028B14D8
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 028B14EC
                      • Part of subcall function 028B1314: CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 028B11CF
                      • Part of subcall function 028B1314: Thread32First.KERNEL32(00000000,?), ref: 028B11E5
                      • Part of subcall function 028B1314: Thread32Next.KERNEL32(00000000,0000001C), ref: 028B12CA
                      • Part of subcall function 028B1314: CloseHandle.KERNEL32(00000000,00000000,?,00000004,00000000,1002F840), ref: 028B12D8
                      • Part of subcall function 028B0744: PostThreadMessageA.USER32(?,?,?,?), ref: 028B0771
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 028B1517
                    • CloseHandle.KERNEL32(?), ref: 028B1535
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 028B154D
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CloseHandle$ProcessToken$LookupOpenPrivilegeThread32Value$AdjustCreateFirstInformationLengthMessageNextPostPrivilegesSnapshotTerminateThreadToolhelp32
                    • String ID:
                    • API String ID: 174829095-3916222277
                    • Opcode ID: 213aba8568fce8b2ef577c7bb5b8b59842359c6621ed9df50aac7cc3ebc13974
                    • Instruction ID: d7abe2a24bed206406dea5a6bda5026e0bca970de3b1908309178bcc9b84db3f
                    • Opcode Fuzzy Hash: 213aba8568fce8b2ef577c7bb5b8b59842359c6621ed9df50aac7cc3ebc13974
                    • Instruction Fuzzy Hash: 05612D79A51208BBDB11EBA4DC85FEF777AAF44700F104518F605BB280DBB5A9018F61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    • ResolveDelayLoadsFromDll, xrefs: 00219137
                    • KERNEL32.DLL, xrefs: 00219113
                    • api-ms-win-core-delayload-l1-1-1.dll, xrefs: 00219103
                    • ResolveDelayLoadedAPI, xrefs: 00219123
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID:
                    • String ID: KERNEL32.DLL$ResolveDelayLoadedAPI$ResolveDelayLoadsFromDll$api-ms-win-core-delayload-l1-1-1.dll
                    • API String ID: 0-3594434003
                    • Opcode ID: df2aa3e0002b38906da6929988069621892f2f2595929bcc724dfc61a51a6f3f
                    • Instruction ID: 960d28d32022fc67264721c1e3b96ffe410701941fde646c3ecdbeaf846f8907
                    • Opcode Fuzzy Hash: df2aa3e0002b38906da6929988069621892f2f2595929bcc724dfc61a51a6f3f
                    • Instruction Fuzzy Hash: 00F0BBA65A2633770B316EA46CB69CA16C55937B913264135FC04E7144DB11CCF546A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00219E35: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00219E62
                      • Part of subcall function 00219E35: GetCurrentProcessId.KERNEL32 ref: 00219E71
                      • Part of subcall function 00219E35: GetCurrentThreadId.KERNEL32 ref: 00219E7A
                      • Part of subcall function 00219E35: GetTickCount.KERNEL32 ref: 00219E83
                      • Part of subcall function 00219E35: QueryPerformanceCounter.KERNEL32(?), ref: 00219E98
                    • GetStartupInfoW.KERNEL32(?,0021A310,00000058), ref: 0021934F
                    • Sleep.KERNEL32(000003E8), ref: 00219384
                    • _amsg_exit.MSVCRT ref: 00219399
                    • _initterm.MSVCRT ref: 002193ED
                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00219419
                    • exit.MSVCRT ref: 0021948F
                    • _ismbblead.MSVCRT ref: 002194AA
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                    • String ID:
                    • API String ID: 836923961-0
                    • Opcode ID: d02069dc0013be6b00b57f78859f85a10d7e51241e03a16ec0be7d60e0a27e78
                    • Instruction ID: 5262e5bf4b3513b3b511d6c905bfba6040219d222963df162a04305dfd35f2a4
                    • Opcode Fuzzy Hash: d02069dc0013be6b00b57f78859f85a10d7e51241e03a16ec0be7d60e0a27e78
                    • Instruction Fuzzy Hash: C74115759B4316DFDB218F94E8297EA77E5AB79760F30801BE905D32D0CB7048E28B80
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegisterServiceCtrlHandlerW.ADVAPI32(MSIServer,Function_000085A0), ref: 00217E2A
                    • GetLastError.KERNEL32 ref: 00217E39
                      • Part of subcall function 002159F2: GetLastError.KERNEL32(00000020,00000000,00000000), ref: 00215A12
                      • Part of subcall function 002159F2: RegQueryValueExW.ADVAPI32(?,Debug,00000000,00000000,?,?), ref: 00215A8A
                      • Part of subcall function 002159F2: RegCloseKey.ADVAPI32(?), ref: 00215AAA
                      • Part of subcall function 002159F2: GlobalFree.KERNEL32(?), ref: 00215ABF
                      • Part of subcall function 002159F2: RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Installer\CA,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00215B14
                      • Part of subcall function 002159F2: RegSetValueExW.ADVAPI32(?,LastError,00000000,00000004,?,00000004), ref: 00215B35
                      • Part of subcall function 002159F2: lstrlenW.KERNEL32(ServerMain (CA): Open synchronization event failed), ref: 00215B3C
                      • Part of subcall function 002159F2: RegSetValueExW.ADVAPI32(?,LastErrorMessage,00000000,00000001,ServerMain (CA): Open synchronization event failed,00000000), ref: 00215B59
                      • Part of subcall function 002159F2: RegCloseKey.ADVAPI32(?), ref: 00215B65
                    • CreateThread.KERNEL32(00000000,00000000,Function_00007EB0,00000000,00000000,0021C6A8), ref: 00217E72
                    • GetLastError.KERNEL32(00007530), ref: 00217E80
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: ErrorLastValue$CloseCreate$CtrlFreeGlobalHandlerQueryRegisterServiceThreadlstrlen
                    • String ID: MSIServer$RegisterServiceCtrlHandler failed.
                    • API String ID: 1878216277-870239898
                    • Opcode ID: 3e323b131d4fbfdb9a52b6f9d4221b64ac0ea0c23d293764ccbc4888769e8962
                    • Instruction ID: c6ac42842a2e307723718d4a64758ce8907c92712eca006ff361e7e799ad392a
                    • Opcode Fuzzy Hash: 3e323b131d4fbfdb9a52b6f9d4221b64ac0ea0c23d293764ccbc4888769e8962
                    • Instruction Fuzzy Hash: 9801D6356B4221EBC3206B65BC0DDE72EF9DBFAB61B114152BA09E1190DE70CCA186B1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlEnterCriticalSection.NTDLL(?), ref: 028A61B7
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 028A6202
                    • send.WS2_32(?,?,?,00000000), ref: 028A6224
                    • RtlEnterCriticalSection.NTDLL(?), ref: 028A6237
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 028A624A
                    • WSAGetLastError.WS2_32 ref: 028A6280
                    • RtlEnterCriticalSection.NTDLL(?), ref: 028A6294
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 028A62CD
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave$ErrorLastsend
                    • String ID:
                    • API String ID: 3480985631-0
                    • Opcode ID: c983e8cfd3fe7a97733a19e4025bda8ca667d19a9a9c73aa26b38fdbd94399c0
                    • Instruction ID: 77df854a1a406670ffede7f7db9eac169e2f2b6f0ed1db27a5190427caf7bc29
                    • Opcode Fuzzy Hash: c983e8cfd3fe7a97733a19e4025bda8ca667d19a9a9c73aa26b38fdbd94399c0
                    • Instruction Fuzzy Hash: 42512C79904A159FE724CF78C994AABF7F8FB49310F144A2ED92EC3640EB31A505CB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 028A7B68
                    • LoadLibraryA.KERNEL32(?), ref: 028A7B84
                    • GetProcessHeap.KERNEL32(00000000,?,?), ref: 028A7BAA
                    • RtlReAllocateHeap.NTDLL(00000000), ref: 028A7BB1
                    • GetProcessHeap.KERNEL32(00000000,?), ref: 028A7BBB
                    • RtlAllocateHeap.NTDLL(00000000), ref: 028A7BC2
                    • GetProcAddress.KERNEL32(00000000,?), ref: 028A7C0F
                    • IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 028A7C32
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: Heap$AllocateHugeProcessRead$AddressLibraryLoadProc
                    • String ID:
                    • API String ID: 2432896279-0
                    • Opcode ID: a4162a36995399baae44d2e32b594409e039bc91f24836995a52a82dda8b358e
                    • Instruction ID: f1b908f5b35f33a315312328411a3607c026d6257de3e471ea32fe692c70f382
                    • Opcode Fuzzy Hash: a4162a36995399baae44d2e32b594409e039bc91f24836995a52a82dda8b358e
                    • Instruction Fuzzy Hash: 09416B79A0020ADFFB108F68CC94B6AB7A8FF44719F158169E90DD7351EB31E9429B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: __setlocale_get_all_strcspn_strlen_strncmp_strpbrk
                    • String ID:
                    • API String ID: 3252769141-0
                    • Opcode ID: 8b972dcf249a51d321e0cc1a25437e4d4a5e5a9e899c808c2915b681c6e56564
                    • Instruction ID: 4579c6e115795a5746936d899b3c2229b7399c8ffffa15515a5030fbae3bc328
                    • Opcode Fuzzy Hash: 8b972dcf249a51d321e0cc1a25437e4d4a5e5a9e899c808c2915b681c6e56564
                    • Instruction Fuzzy Hash: 4A51E57ED002199EEF329A748C84BEA76A9AF01358F1444EED61DE3342EB359984CF11
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: lstrlen
                    • String ID: MSIINSTANCEGUID=
                    • API String ID: 1659193697-2015669138
                    • Opcode ID: 8b35d2f2449f1f3fc1b5e332b351ab4669b43756e351d3445a27379120c829a5
                    • Instruction ID: 60d6021a6ea5e41a0c18760d7cc2bf338ceecfc536fcabe2a0b21b3b0b55dfa3
                    • Opcode Fuzzy Hash: 8b35d2f2449f1f3fc1b5e332b351ab4669b43756e351d3445a27379120c829a5
                    • Instruction Fuzzy Hash: 81416D35A10224DBCB11EB70FC8DBDA77F9BB6C324F154164EA49A3290EF749DA18B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(100295C0,?,028B63E2,1002D090,00000008,028B6576,?,?,?,1002D0B0,0000000C,028B6631,?), ref: 028BC3E8
                    • __mtterm.LIBCMT ref: 028BC3F4
                      • Part of subcall function 028BC0BF: RtlDecodePointer.NTDLL(1002FC9C), ref: 028BC0D0
                      • Part of subcall function 028BC0BF: TlsFree.KERNEL32(1002FCA0,028B64A5,028B648B,1002D090,00000008,028B6576,?,?,?,1002D0B0,0000000C,028B6631,?), ref: 028BC0EA
                      • Part of subcall function 028BC0BF: _free.LIBCMT ref: 028BECCA
                    • TlsAlloc.KERNEL32(?,?,028B63E2,1002D090,00000008,028B6576,?,?,?,1002D0B0,0000000C,028B6631,?), ref: 028BC481
                    • __init_pointers.LIBCMT ref: 028BC4A6
                    • __calloc_crt.LIBCMT ref: 028BC514
                    • GetCurrentThreadId.KERNEL32 ref: 028BC540
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm_free
                    • String ID:
                    • API String ID: 347030822-0
                    • Opcode ID: 12e99c80e21cb94e70e4b6d6703bfb5c16548aa607dfcf1d1070f879afc85ebf
                    • Instruction ID: 69a97be218fb31c8ef4e56eabef06f1ab5172788bd6111f07748b53b7b2d502d
                    • Opcode Fuzzy Hash: 12e99c80e21cb94e70e4b6d6703bfb5c16548aa607dfcf1d1070f879afc85ebf
                    • Instruction Fuzzy Hash: 63314D389046749EEB13AF798D886D63FB6FF4A360718052BE408D62A1EB349045CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 028A5EC8
                    • send.WS2_32(?,10027490,00000010,00000000), ref: 028A5F01
                    • SetEvent.KERNEL32(00040000), ref: 028A5F24
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 028A5F2F
                    • WSACloseEvent.WS2_32(?), ref: 028A5F3D
                    • shutdown.WS2_32(?,00000001), ref: 028A5F51
                    • closesocket.WS2_32(?), ref: 028A5F5B
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: Event$CloseCurrentExchangeInterlockedThreadclosesocketsendshutdown
                    • String ID:
                    • API String ID: 2609651166-0
                    • Opcode ID: 1051c8803a86a7f00e0a2abc9789f8ec58f828892bf28140c87b44843692ec02
                    • Instruction ID: 2fa8d23d20c79363462954efb85343defa2d20f6c3c409e55b54aa1276dd4b54
                    • Opcode Fuzzy Hash: 1051c8803a86a7f00e0a2abc9789f8ec58f828892bf28140c87b44843692ec02
                    • Instruction Fuzzy Hash: 7411D339600B209BE6309B3DDC9895BB7F9FF907157540A0DF54AC2A90DF39E882CB10
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 028B5244
                    • __calloc_crt.LIBCMT ref: 028B5250
                    • __getptd.LIBCMT ref: 028B525D
                    • CreateThread.KERNEL32(?,?,100135B6,00000000,?,10003590), ref: 028B5294
                    • GetLastError.KERNEL32(?,10027290,?,?,028A5439,00000000,00000000,10003590,?,00000000,00000065), ref: 028B529E
                    • _free.LIBCMT ref: 028B52A7
                    • __dosmaperr.LIBCMT ref: 028B52B2
                      • Part of subcall function 028B5111: __getptd_noexit.LIBCMT ref: 028B5111
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                    • String ID:
                    • API String ID: 155776804-0
                    • Opcode ID: 52201d3a523fc3ca3f3ac5e7edf166835b3bca7351e5067331d6e8010e25afda
                    • Instruction ID: 29780267dea1aacd49cc7bb82987f8fc85c1f0bc52fe72a6386a3d2a0362c78d
                    • Opcode Fuzzy Hash: 52201d3a523fc3ca3f3ac5e7edf166835b3bca7351e5067331d6e8010e25afda
                    • Instruction Fuzzy Hash: 74110C3E50670A6FD723AFA8DC419DB779AEF05774B10002EF918C7351DB75D4018AA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleExW.KERNEL32(00000000,Msi.dll,00000000,00000000,?,?,00213B73), ref: 00215C06
                    • GetProcAddress.KERNEL32(00000000,QueryInstanceCount), ref: 00215C18
                    • FreeLibrary.KERNEL32(00000000,?,?,00213B73), ref: 00215C35
                    • FreeLibrary.KERNEL32(00000000,?,?,00213B73), ref: 00215C42
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: FreeLibrary$AddressHandleModuleProc
                    • String ID: Msi.dll$QueryInstanceCount
                    • API String ID: 1227796897-1207408768
                    • Opcode ID: 76bc7870b47a00ceafe59ee13355ea6a9c502cbd54fbdfe33d3135d2c9425789
                    • Instruction ID: a8a9ff26180ed4281539256174ab1e4ae8f972a2b9e6a3d5d2de42902097138b
                    • Opcode Fuzzy Hash: 76bc7870b47a00ceafe59ee13355ea6a9c502cbd54fbdfe33d3135d2c9425789
                    • Instruction Fuzzy Hash: FEF0B431660229FBCB005F60ED0DBDE7AE9EF74746F1041A1A816E1060DF34CE20DA94
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • ___set_flsgetvalue.LIBCMT ref: 028B51C0
                      • Part of subcall function 028BC06E: TlsGetValue.KERNEL32(0000FFFF,028BC1C7,?,0000FFFF,028B5116,028C2A8D), ref: 028BC077
                      • Part of subcall function 028BC06E: RtlDecodePointer.NTDLL ref: 028BC089
                      • Part of subcall function 028BC06E: TlsSetValue.KERNEL32(00000000,?,0000FFFF,028B5116,028C2A8D), ref: 028BC098
                    • ___fls_getvalue@4.LIBCMT ref: 028B51CB
                      • Part of subcall function 028BC04E: TlsGetValue.KERNEL32(?,?,028B51D0,00000000), ref: 028BC05C
                    • ___fls_setvalue@8.LIBCMT ref: 028B51DE
                      • Part of subcall function 028BC0A2: RtlDecodePointer.NTDLL(?), ref: 028BC0B3
                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 028B51E7
                    • RtlExitUserThread.NTDLL(00000000), ref: 028B51EE
                    • GetCurrentThreadId.KERNEL32 ref: 028B51F4
                    • __freefls@4.LIBCMT ref: 028B5214
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: Value$DecodePointerThread$CurrentErrorExitLastUser___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                    • String ID:
                    • API String ID: 2876972746-0
                    • Opcode ID: 216e92abe466d0e86ea5d5cfabd3c967034cb8676e291515e64118fc63808416
                    • Instruction ID: 149c5df9dad369ab920e83c8ba5562e4334b279799eab33c84133b1f06fd75f4
                    • Opcode Fuzzy Hash: 216e92abe466d0e86ea5d5cfabd3c967034cb8676e291515e64118fc63808416
                    • Instruction Fuzzy Hash: 28F01D7C401705AFD716BFA9C94888E7BAAAF5870472085ADE809C7311DB38D847CFA2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: lstrlen
                    • String ID: PECMS$PackageCode$REINSTALL=ALL REINSTALLMODE=%s$rpoedcamusv
                    • API String ID: 1659193697-1647986965
                    • Opcode ID: b29cfddceab781792d2146def2219add519d7f23563df1218b3ad8b652cd58a4
                    • Instruction ID: 0d499a464246a73cdff6901aef54985de3e20642511492be1dbd4f4886e2bb2a
                    • Opcode Fuzzy Hash: b29cfddceab781792d2146def2219add519d7f23563df1218b3ad8b652cd58a4
                    • Instruction Fuzzy Hash: FA61E472628752DBD730DE64DC95BEB73E8ABF8310F10486AFD49C7180EB70D9948681
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 028B5F5E: _doexit.LIBCMT ref: 028B5F6A
                    • ___set_flsgetvalue.LIBCMT ref: 028B51C0
                      • Part of subcall function 028BC06E: TlsGetValue.KERNEL32(0000FFFF,028BC1C7,?,0000FFFF,028B5116,028C2A8D), ref: 028BC077
                      • Part of subcall function 028BC06E: RtlDecodePointer.NTDLL ref: 028BC089
                      • Part of subcall function 028BC06E: TlsSetValue.KERNEL32(00000000,?,0000FFFF,028B5116,028C2A8D), ref: 028BC098
                    • ___fls_getvalue@4.LIBCMT ref: 028B51CB
                      • Part of subcall function 028BC04E: TlsGetValue.KERNEL32(?,?,028B51D0,00000000), ref: 028BC05C
                    • ___fls_setvalue@8.LIBCMT ref: 028B51DE
                      • Part of subcall function 028BC0A2: RtlDecodePointer.NTDLL(?), ref: 028BC0B3
                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 028B51E7
                    • RtlExitUserThread.NTDLL(00000000), ref: 028B51EE
                    • GetCurrentThreadId.KERNEL32 ref: 028B51F4
                    • __freefls@4.LIBCMT ref: 028B5214
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: Value$DecodePointerThread$CurrentErrorExitLastUser___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                    • String ID:
                    • API String ID: 811752470-0
                    • Opcode ID: 590cf90621574e87cd317b2ce967786c3d20177de05e1b12906cbabe0a5a7e5c
                    • Instruction ID: d4381aca29e02111de9a0288ba9084d9303a3fcd5f902efb88774c6024a1ffac
                    • Opcode Fuzzy Hash: 590cf90621574e87cd317b2ce967786c3d20177de05e1b12906cbabe0a5a7e5c
                    • Instruction Fuzzy Hash: 6CE06D7C80131AAFDB127FBD8C094DF7A6EAE14701B600469ED29D2310DB2898538FA3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 0021878A: GlobalAlloc.KERNEL32(00000040,00000000,00000000,00000001,00000000,?,00215E28,00000100), ref: 002187A2
                      • Part of subcall function 0021878A: GlobalFree.KERNEL32(?), ref: 002187C0
                    • GetModuleFileNameW.KERNEL32(?,00000104,00000104,?,?,00001388,?,0021A2B0,000000A8,00216E7E,00000000,00000000,?), ref: 00214457
                    • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,0021A2B0,000000A8,00216E7E,00000000,00000000,?), ref: 002144E0
                    • GlobalFree.KERNEL32(?), ref: 0021450F
                    • GlobalFree.KERNEL32(?), ref: 00214590
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Global$Free$Alloc$FileModuleName
                    • String ID: %d.%d.%.4d.%d
                    • API String ID: 906160587-3399825337
                    • Opcode ID: c39cb452c449beefab28a6961ec79e8c5765315a7d8b6cbcaabf125dbd7f5fad
                    • Instruction ID: c7b9015bc114f96cfb2e5cbb2847e5687f2a9cadd7f0976dc57e56232e807073
                    • Opcode Fuzzy Hash: c39cb452c449beefab28a6961ec79e8c5765315a7d8b6cbcaabf125dbd7f5fad
                    • Instruction Fuzzy Hash: 22714971A10229AFDB20DF64DD44BEEBBB9AF69310F1041A9A94DA3291DB305E94CF11
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryExA.KERNEL32(?), ref: 002191E4
                    • GetProcAddress.KERNEL32(?,?), ref: 0021924F
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: $
                    • API String ID: 2574300362-3993045852
                    • Opcode ID: 9c23319980730e5818f3b67f4fec269b22bdc2e2cc864c0226d4b791ce9b790b
                    • Instruction ID: 36c9b038931d394362c16577bc87799d918a3ce57c99dbbe16ebc52e05ca5d0c
                    • Opcode Fuzzy Hash: 9c23319980730e5818f3b67f4fec269b22bdc2e2cc864c0226d4b791ce9b790b
                    • Instruction Fuzzy Hash: 47318D71A10219EFCB00CFA9D854AEEBBF5EF69750F148059EC08E7250DB31AD91CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • EnterCriticalSection.KERNEL32(0021C838,?,?,?,00213C1E,00000000,00000000), ref: 00213C31
                    • SetServiceStatus.ADVAPI32(0021C850,?,?,?,00213C1E,00000000,00000000), ref: 00213CC0
                    • GetLastError.KERNEL32(?,?,?,00213C1E,00000000,00000000), ref: 00213CCC
                    • LeaveCriticalSection.KERNEL32(0021C838,?,?,?,00213C1E,00000000,00000000), ref: 00213CDF
                    Strings
                    • SetServiceStatus failed., xrefs: 00213CD4
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterErrorLastLeaveServiceStatus
                    • String ID: SetServiceStatus failed.
                    • API String ID: 427148986-1344523210
                    • Opcode ID: 8b97e86ef20a00243731e78d48f789489dd87a41587d9a801c0cb328e7e943f1
                    • Instruction ID: fa2cc497a1ef982043903e42980e55ff8366d34e2dfd20eadd00bc38da13be13
                    • Opcode Fuzzy Hash: 8b97e86ef20a00243731e78d48f789489dd87a41587d9a801c0cb328e7e943f1
                    • Instruction Fuzzy Hash: 4B1163799A0165DBC712DF29FC8C7D577E6E778761F22802BE805A3220CBB18994CBD0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • Sleep.KERNEL32(0000000A,?,00218B8F,?,?), ref: 00218AE8
                    • LoadLibraryW.KERNEL32(COMCTL32,00218B8F,?,?), ref: 00218B10
                    • GetProcAddress.KERNEL32(?,InitCommonControlsEx), ref: 00218B2E
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProcSleep
                    • String ID: COMCTL32$InitCommonControlsEx
                    • API String ID: 188063004-472741233
                    • Opcode ID: b9a1c15f251f70b6aba9a1aa4ae4667d9cc331e6655bf8753bc1489cd05b792a
                    • Instruction ID: 262139b2d51c2c02d05356dc1fa07d34375b1bc6faf5d250ac03a9a425dc26aa
                    • Opcode Fuzzy Hash: b9a1c15f251f70b6aba9a1aa4ae4667d9cc331e6655bf8753bc1489cd05b792a
                    • Instruction Fuzzy Hash: 37F06D756A8247DBD7128B24BC8CBD37AF5AB79749F248426E800D6260EF31C4A1CB11
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetVersion.KERNEL32(00216E67,?), ref: 002163A0
                    • GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 002163B3
                    • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 002163C4
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressHandleModuleProcVersion
                    • String ID: HeapSetInformation$Kernel32.dll
                    • API String ID: 3310240892-3460614246
                    • Opcode ID: f945e58b6ff746c5de74bd6430b77b35c9a0ae13248d1871e554c38b7731b97a
                    • Instruction ID: 556359d1f76ddc7f9a96152f6234ab9d6201f18b324bae7988f2215e7530d2aa
                    • Opcode Fuzzy Hash: f945e58b6ff746c5de74bd6430b77b35c9a0ae13248d1871e554c38b7731b97a
                    • Instruction Fuzzy Hash: A0E04F30760222ABDA601BB17C8CBDB7A8D9B21F42710C491B915E1290DE20CCA18670
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlEnterCriticalSection.NTDLL(?), ref: 028A5AC2
                    • WSASetLastError.WS2_32(0000000D), ref: 028A5ADA
                    • RtlLeaveCriticalSection.NTDLL(?), ref: 028A5AE1
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterErrorLastLeave
                    • String ID:
                    • API String ID: 4082018349-0
                    • Opcode ID: 2e32f795b0df08dd5198922dbd234f90276beaa67856b30e10c9fcc86bd596ad
                    • Instruction ID: 99bd3d0962fb66f693c9c0fed41129f5fb01dfa730215e7bfbc7a3049425f41c
                    • Opcode Fuzzy Hash: 2e32f795b0df08dd5198922dbd234f90276beaa67856b30e10c9fcc86bd596ad
                    • Instruction Fuzzy Hash: CF31D3BAA00244AFE720CB59DC91F6BB3ACFB48715F50451EF906D7680DB79B841CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 028AD1D1
                    • std::_Lockit::_Lockit.LIBCPMT ref: 028AD1F4
                    • __CxxThrowException@8.LIBCMT ref: 028AD286
                    • std::_Lockit::_Lockit.LIBCPMT ref: 028AD299
                    • std::locale::facet::_Facet_Register.LIBCPMT ref: 028AD2B3
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::locale::facet::_
                    • String ID:
                    • API String ID: 2895652726-0
                    • Opcode ID: 4f5d3893930336ad9f91cb0a9b595b4ef4c1c753027342c99c80332f5b8973a6
                    • Instruction ID: a3169202d1cf80690dfc69c74f5d3d13226839704048e6c109317782242cfd48
                    • Opcode Fuzzy Hash: 4f5d3893930336ad9f91cb0a9b595b4ef4c1c753027342c99c80332f5b8973a6
                    • Instruction Fuzzy Hash: E931AF7D9012149FEB15DF58C9A0BEE77A4FF04320F004669E816E7BD5DB30A905CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • recv.WS2_32(028A6CA1,?,00000598,00000000), ref: 028A69C8
                    • SetLastError.KERNEL32(00000000,?,00000001,028A6CA1), ref: 028A6A03
                    • GetLastError.KERNEL32 ref: 028A6A53
                    • WSAGetLastError.WS2_32(?,00000001,028A6CA1), ref: 028A6A86
                    • WSASetLastError.WS2_32(0000000D,?,00000001,028A6CA1), ref: 028A6AAD
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: ErrorLast$recv
                    • String ID:
                    • API String ID: 316788870-0
                    • Opcode ID: 64d3a0e672f84c2be56cee985c0e820edbafee9c4799b7bb2106a1d4dd02f221
                    • Instruction ID: 2431996fd35e6681f2656c17eb98af7b40bcabe880f650f4ce0b5d44907050f7
                    • Opcode Fuzzy Hash: 64d3a0e672f84c2be56cee985c0e820edbafee9c4799b7bb2106a1d4dd02f221
                    • Instruction Fuzzy Hash: F031D67D6017208FFB24DB68C8E8B5A77A9FB85315F18491EE14BC3694EF31F8818A10
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _malloc.LIBCMT ref: 028B59C5
                      • Part of subcall function 028B4967: __FF_MSGBANNER.LIBCMT ref: 028B4980
                      • Part of subcall function 028B4967: __NMSG_WRITE.LIBCMT ref: 028B4987
                      • Part of subcall function 028B4967: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 028B49AC
                    • _free.LIBCMT ref: 028B59D8
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: AllocateHeap_free_malloc
                    • String ID:
                    • API String ID: 1020059152-0
                    • Opcode ID: 8c8f50c2d068b7615b6275643a8fdaa27b93d96ccd56a20df4b37808c6848bb4
                    • Instruction ID: bf65d02e52067e48ea6e281deff096399ef7990a41741c5a5026126bb7b25533
                    • Opcode Fuzzy Hash: 8c8f50c2d068b7615b6275643a8fdaa27b93d96ccd56a20df4b37808c6848bb4
                    • Instruction Fuzzy Hash: 03110D3E504215ABCB232B789C457DE3756AF46371F60402DE84DEB350DB3884658A91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 028AA2C6
                      • Part of subcall function 028B291F: _setlocale.LIBCMT ref: 028B2931
                    • _free.LIBCMT ref: 028AA2D8
                      • Part of subcall function 028B4A7E: HeapFree.KERNEL32(00000000,00000000,?,028BC21A,00000000,?,0000FFFF,028B5116,028C2A8D), ref: 028B4A94
                      • Part of subcall function 028B4A7E: GetLastError.KERNEL32(00000000,?,028BC21A,00000000,?,0000FFFF,028B5116,028C2A8D), ref: 028B4AA6
                    • _free.LIBCMT ref: 028AA2EB
                    • _free.LIBCMT ref: 028AA2FE
                    • _free.LIBCMT ref: 028AA311
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                    • String ID:
                    • API String ID: 3515823920-0
                    • Opcode ID: b1320013ab2a6e938d5b1b0e42c4459ee2e88dc9f6a1e41d07c1818aa2f516bc
                    • Instruction ID: d3a6eed53cf7757be43fb05ab6d1988c22f52a5aa90a16746c51bfd5d32ed0fd
                    • Opcode Fuzzy Hash: b1320013ab2a6e938d5b1b0e42c4459ee2e88dc9f6a1e41d07c1818aa2f516bc
                    • Instruction Fuzzy Hash: C111B2B9D00A00ABD631DF5DDC41A5BF7F9EF45710F244A2EE41AC3B40EB71E9148A92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00219E62
                    • GetCurrentProcessId.KERNEL32 ref: 00219E71
                    • GetCurrentThreadId.KERNEL32 ref: 00219E7A
                    • GetTickCount.KERNEL32 ref: 00219E83
                    • QueryPerformanceCounter.KERNEL32(?), ref: 00219E98
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                    • String ID:
                    • API String ID: 1445889803-0
                    • Opcode ID: b2b804cfe11e76a37376ed5b22c0bbf3b68af9e966f44e53b33ba2e24a65261f
                    • Instruction ID: a0cf78d9383144f0fec96dabc0befb0ed5a49acf2c850c3510f2c69f94d454c0
                    • Opcode Fuzzy Hash: b2b804cfe11e76a37376ed5b22c0bbf3b68af9e966f44e53b33ba2e24a65261f
                    • Instruction Fuzzy Hash: FB110675D10208EBCB14DFB8E94C6DEB7F5FF68314F61886AD40AE7210EB309A508B40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __CreateFrameInfo.LIBCMT ref: 028B98CD
                      • Part of subcall function 028B4E17: __getptd.LIBCMT ref: 028B4E25
                      • Part of subcall function 028B4E17: __getptd.LIBCMT ref: 028B4E33
                    • __getptd.LIBCMT ref: 028B98D7
                      • Part of subcall function 028BC229: __getptd_noexit.LIBCMT ref: 028BC22C
                      • Part of subcall function 028BC229: __amsg_exit.LIBCMT ref: 028BC239
                    • __getptd.LIBCMT ref: 028B98E5
                    • __getptd.LIBCMT ref: 028B98F3
                    • __getptd.LIBCMT ref: 028B98FE
                      • Part of subcall function 028B4EBC: __CallSettingFrame@12.LIBCMT ref: 028B4F08
                      • Part of subcall function 028B99CB: __getptd.LIBCMT ref: 028B99DA
                      • Part of subcall function 028B99CB: __getptd.LIBCMT ref: 028B99E8
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                    • String ID:
                    • API String ID: 3282538202-0
                    • Opcode ID: 9c0a5c161a8e2c1b15864db23af9a3b49f8f2ebe87976c302c13bf6f9655ecab
                    • Instruction ID: 62bcf87949c25af514e8ad57e43f6fa3a79e663e0d52ec75899a39bb67982d32
                    • Opcode Fuzzy Hash: 9c0a5c161a8e2c1b15864db23af9a3b49f8f2ebe87976c302c13bf6f9655ecab
                    • Instruction Fuzzy Hash: FE11B679C00209DFDB01EFE8E845AEE77B1EF08315F10846AE864AB350DB3899159F51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GetModuleHandleW.KERNEL32(100295C0,1002D350,00000008,028BC204,00000000,00000000,?,0000FFFF,028B5116,028C2A8D), ref: 028BC10D
                    • __lock.LIBCMT ref: 028BC141
                      • Part of subcall function 028BEDDA: __mtinitlocknum.LIBCMT ref: 028BEDF0
                      • Part of subcall function 028BEDDA: __amsg_exit.LIBCMT ref: 028BEDFC
                      • Part of subcall function 028BEDDA: RtlEnterCriticalSection.NTDLL(00000001), ref: 028BEE04
                    • InterlockedIncrement.KERNEL32(?), ref: 028BC14E
                    • __lock.LIBCMT ref: 028BC162
                    • ___addlocaleref.LIBCMT ref: 028BC180
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                    • String ID:
                    • API String ID: 637971194-0
                    • Opcode ID: 768fbc726d92abb0bb228344006085a731e37b07853c9766efa8d1f6e48e993b
                    • Instruction ID: 8b91913f54b13ac86c1ae2690d806921675dd72a4643bc4bcdbe63bd5dbf68b5
                    • Opcode Fuzzy Hash: 768fbc726d92abb0bb228344006085a731e37b07853c9766efa8d1f6e48e993b
                    • Instruction Fuzzy Hash: 8F016579401B00DFE721EF69D904789BBE1BF14320F60854FD49A977A0CBB4A640CF12
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 028A4EE0
                    • CancelIo.KERNEL32(?), ref: 028A4EEA
                    • InterlockedExchange.KERNEL32(00000000,00000000), ref: 028A4EF3
                    • closesocket.WS2_32(?), ref: 028A4EFD
                    • SetEvent.KERNEL32(00000001), ref: 028A4F07
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
                    • String ID:
                    • API String ID: 1486965892-0
                    • Opcode ID: 5c4df38dcddf7cb9d1617a7fc0b9eb93d91a11a3f0a906413ff34a1e3632f966
                    • Instruction ID: 82bce6c35479e0f17d6f0839cddab31ef93d5ea6288a1e21edb3e615c013afa6
                    • Opcode Fuzzy Hash: 5c4df38dcddf7cb9d1617a7fc0b9eb93d91a11a3f0a906413ff34a1e3632f966
                    • Instruction Fuzzy Hash: 55F0FF76100715EBE330DB58CD89F5677B8FB89B11F204658F69A97690CBB0B509CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 028BE6D0
                      • Part of subcall function 028BC229: __getptd_noexit.LIBCMT ref: 028BC22C
                      • Part of subcall function 028BC229: __amsg_exit.LIBCMT ref: 028BC239
                    • __getptd.LIBCMT ref: 028BE6E7
                    • __amsg_exit.LIBCMT ref: 028BE6F5
                    • __lock.LIBCMT ref: 028BE705
                    • __updatetlocinfoEx_nolock.LIBCMT ref: 028BE719
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                    • String ID:
                    • API String ID: 938513278-0
                    • Opcode ID: 087a6bdd3a1762fe5990592ff04e432f842b3332d3b36b8464343aa072908743
                    • Instruction ID: 0055838a2146d2f5abe3035c3fab4ef502be3f93a931646008f69e3887208af2
                    • Opcode Fuzzy Hash: 087a6bdd3a1762fe5990592ff04e432f842b3332d3b36b8464343aa072908743
                    • Instruction Fuzzy Hash: D8F0903E905210EFE623BBBCA805BCD3391AF00725F90410EE525EB7E2CB686541CE5B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00219B4E
                    • ?terminate@@YAXXZ.MSVCRT ref: 00219BF7
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: ?terminate@@CurrentImageNonwritable
                    • String ID: csm$csm
                    • API String ID: 3343398186-3733052814
                    • Opcode ID: 542ea2e4f2d2cc49b0378b6126d7dacaf01853e149cb1495ac482ae4c297a020
                    • Instruction ID: e6b753480a544a5df8ed9a3773a7b4a337eaf9a8019980f3b4bd3185b9a2404b
                    • Opcode Fuzzy Hash: 542ea2e4f2d2cc49b0378b6126d7dacaf01853e149cb1495ac482ae4c297a020
                    • Instruction Fuzzy Hash: B351D434A102099BCF10DF68D894AEE7BF5EF64318F148055E8199B291D731DEE1CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • IsCharAlphaNumericW.USER32(?,00000000,00000104,00000000,?,?,?,?,?,00216B65,?,?,?), ref: 0021614F
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AlphaCharNumeric
                    • String ID: "$Property value is too long.$ek!
                    • API String ID: 1535711457-2811201598
                    • Opcode ID: 4c78d886d890944d6ab569e0de1df4263216d8766da5e8e5349671832c3155a9
                    • Instruction ID: 99a99cf593d4d18e93f4f8269599270b0ac41c8097b8c9e909df7e9d8256fe7d
                    • Opcode Fuzzy Hash: 4c78d886d890944d6ab569e0de1df4263216d8766da5e8e5349671832c3155a9
                    • Instruction Fuzzy Hash: 7241B775A101229ACB24EF6984585FEB3F1EB78710B648425DCC5D7284F7348DE1D790
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryW.KERNEL32(Msi.dll), ref: 00213D10
                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00213D29
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: DllGetClassObject$Msi.dll
                    • API String ID: 2574300362-3279299384
                    • Opcode ID: f9c96a649ba20dc5001e27b072f111ac8075a4e89471747d3893cd13fbdac9b6
                    • Instruction ID: 54cbc71cbdaf92dc450fd5f0ce6692a4a72855db2a0b23c158147ee78625e3bc
                    • Opcode Fuzzy Hash: f9c96a649ba20dc5001e27b072f111ac8075a4e89471747d3893cd13fbdac9b6
                    • Instruction Fuzzy Hash: E0312C35B60225EFCB04DB68EC58D9EB7F9EF697107114069F816E32A0DE70AE518B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: _memset$_mallocgethostname
                    • String ID: SYSTEM\Setup
                    • API String ID: 3408214736-1397563030
                    • Opcode ID: c9ffdf8b720a84180d0d7c2c5591c963257f3da7358db23fbcde2a2d46f2882d
                    • Instruction ID: 5bdbab14325b2cca28fba838a6612e221838488e05df824d430d1c16526845ed
                    • Opcode Fuzzy Hash: c9ffdf8b720a84180d0d7c2c5591c963257f3da7358db23fbcde2a2d46f2882d
                    • Instruction Fuzzy Hash: A831E8B4900264AFEB21DF698C95FDE77B8FB49710F10415DE608A7381D7705A01CF99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LoadLibraryW.KERNEL32(Msi.dll,00000000,00000000,?,?,?,002176B2), ref: 00213E19
                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00213E2E
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: DllGetClassObject$Msi.dll
                    • API String ID: 2574300362-3279299384
                    • Opcode ID: 846f5153cdb4e043b68902e3b7e72c20db47a536b3d1f37fd1d5eeb9b16972b7
                    • Instruction ID: 8d3a7bc1a83a605acb609aba56f1fe469108641387e5cfca5048ffe7b766e83b
                    • Opcode Fuzzy Hash: 846f5153cdb4e043b68902e3b7e72c20db47a536b3d1f37fd1d5eeb9b16972b7
                    • Instruction Fuzzy Hash: 44111C71A60619EFDB10DB54DC58AEAB7E9EF28755B1080A8F815E3250DA70EE508B50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • Sleep.KERNEL32(0000000A), ref: 00218A77
                    • LoadLibraryW.KERNEL32(COMCTL32), ref: 00218AA1
                    • GetProcAddress.KERNEL32(?), ref: 00218AC1
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProcSleep
                    • String ID: COMCTL32
                    • API String ID: 188063004-3719691325
                    • Opcode ID: a58b98ed8365663a8c1927b171d769ca6eedfc80526e538137febae8f42e57ce
                    • Instruction ID: ed5ed35042ea5b7355a9f7ae2eeb61013ff8fb5542194dffd59f4d6ac15b5b8a
                    • Opcode Fuzzy Hash: a58b98ed8365663a8c1927b171d769ca6eedfc80526e538137febae8f42e57ce
                    • Instruction Fuzzy Hash: 1001B136654212AFD7299F39FC1D6A63AE9EFB6310F28843EE541D7250EE71CC4187A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,10027628,?), ref: 028A78D6
                    • RegSetValueExA.ADVAPI32(?,10027620,00000000,00000001,?,?), ref: 028A7902
                    • RegCloseKey.ADVAPI32(?), ref: 028A790D
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CloseCreateValue
                    • String ID: SYSTEM\Setup
                    • API String ID: 1818849710-1397563030
                    • Opcode ID: 1531b198c8937c57f97394655215b538626a6dedd187faa1e2281873f503604a
                    • Instruction ID: de4f2a49e0644e5f4d96c422c365053dcf4fdc8ee74abd6192066bd56de15780
                    • Opcode Fuzzy Hash: 1531b198c8937c57f97394655215b538626a6dedd187faa1e2281873f503604a
                    • Instruction Fuzzy Hash: CBF0E27A600118FFE700CB949C89FFA776CEB48311F204145FE09D3201DB30EE099694
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,10027628,?), ref: 028A7876
                    • RegSetValueExA.ADVAPI32(?,10027618,00000000,00000001,?,?), ref: 028A78A2
                    • RegCloseKey.ADVAPI32(?), ref: 028A78AD
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CloseCreateValue
                    • String ID: SYSTEM\Setup
                    • API String ID: 1818849710-1397563030
                    • Opcode ID: a5749bc39feec96681431c9a0d17588fa11fd8d834cde4cb914a7478d4417bbf
                    • Instruction ID: bf1f6c4a4565d37c96d5118df38fd01e271f983ea5093674c75a66091c168966
                    • Opcode Fuzzy Hash: a5749bc39feec96681431c9a0d17588fa11fd8d834cde4cb914a7478d4417bbf
                    • Instruction Fuzzy Hash: 7EF05E7A600115FBE714CB949C99EBA776CEB85711F204145FE0997241CB319A0996A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: memcpy
                    • String ID: `
                    • API String ID: 3510742995-2679148245
                    • Opcode ID: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
                    • Instruction ID: c545fb5b571c0ffd39c355c034ed741b426408b26c3f2fba1006dbed9ebb649b
                    • Opcode Fuzzy Hash: 22cc49c760ed817d82a9f6d9a9af561a998335de2e3d08d25fca75c9c41e2a2f
                    • Instruction Fuzzy Hash: 1751B872A20225AFCB14CFA8C8856EEB7F5FF6C310B154569E914DB380E771AE90C790
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • lstrcmpW.KERNEL32(?,002113CC,?,mewuifsoarpcvxgh!), ref: 00214A83
                    • lstrcmpW.KERNEL32(?,002113D0,?,mewuifsoarpcvxgh!), ref: 00214A93
                    • lstrcmpW.KERNEL32(?,002113D8,?,mewuifsoarpcvxgh!), ref: 00214AA3
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: lstrcmp
                    • String ID: mewuifsoarpcvxgh!
                    • API String ID: 1534048567-2729521250
                    • Opcode ID: 868ee2678dab0e6b7c3bc9af1cb3949434a580d0728f476c2da74b150453ebf0
                    • Instruction ID: 0df5cc7744d193032bc7bff6686ec75bacb67d9ad5767733b5d92462a88c502f
                    • Opcode Fuzzy Hash: 868ee2678dab0e6b7c3bc9af1cb3949434a580d0728f476c2da74b150453ebf0
                    • Instruction Fuzzy Hash: C7411A31B60216E6DB20AF65E890BEEB3F5EF24710F154026E909E7280EB719DE1C744
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • GlobalAlloc.KERNEL32(00000040,00000000,?,?,00001388,?,0021A2B0,000000A8,00216E7E,00000000,00000000,?), ref: 002144E0
                    • GlobalFree.KERNEL32(?), ref: 0021450F
                    • GlobalFree.KERNEL32(?), ref: 00214590
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Global$Free$Alloc
                    • String ID: %d.%d.%.4d.%d
                    • API String ID: 1780285237-3399825337
                    • Opcode ID: 811ab29323f8c7ede49383dc3f88a98c26c31e8a2e8768546afa5a7fcbca6eda
                    • Instruction ID: a0c884d1d0b42579e5a373291896882af7b2d85b37ae66ed531b4cdea2d0f882
                    • Opcode Fuzzy Hash: 811ab29323f8c7ede49383dc3f88a98c26c31e8a2e8768546afa5a7fcbca6eda
                    • Instruction Fuzzy Hash: DF415C71A10229AFDB20DF65DD45BEEB7B9EB68310F1041A9E90DA3291DB305EA5CF10
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 028B11CF
                    • Thread32First.KERNEL32(00000000,?), ref: 028B11E5
                    • Thread32Next.KERNEL32(00000000,0000001C), ref: 028B12CA
                    • CloseHandle.KERNEL32(00000000,00000000,?,00000004,00000000,1002F840), ref: 028B12D8
                    • std::_Xinvalid_argument.LIBCPMT ref: 028B1301
                    • OpenProcess.KERNEL32(00000401,00000000,00000000,?,00000000), ref: 028B1344
                    • OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,00000000), ref: 028B135E
                    • LookupPrivilegeValueA.ADVAPI32(00000000,10027888,?), ref: 028B137F
                    • GetLengthSid.ADVAPI32(?), ref: 028B14D8
                    • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 028B14EC
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 028B1517
                    • CloseHandle.KERNEL32(?), ref: 028B1535
                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 028B154D
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CloseHandleProcess$OpenThread32Token$CreateFirstInformationLengthLookupNextPrivilegeSnapshotTerminateToolhelp32ValueXinvalid_argumentstd::_
                    • String ID:
                    • API String ID: 1460141610-0
                    • Opcode ID: 585106dcbea582aa5b89f23c6e1d5198c5428eee0ebd4bd603b19dd9bfb9c8ca
                    • Instruction ID: 94c7f74fdd1ac102395b93d07cbfcb4b01b74f41dbb7d323f69030177694ac04
                    • Opcode Fuzzy Hash: 585106dcbea582aa5b89f23c6e1d5198c5428eee0ebd4bd603b19dd9bfb9c8ca
                    • Instruction Fuzzy Hash: F9316379E002059FDB15DFA9C994AEEB7F6EF48714F10452EE91ADB780EB70A900CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 028C4EF0
                    • __isleadbyte_l.LIBCMT ref: 028C4F23
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,028B4FA8,?,00000000,00000000,?,?,?,?,028B4FA8,00000000), ref: 028C4F54
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,028B4FA8,00000001,00000000,00000000,?,?,?,?,028B4FA8,00000000), ref: 028C4FC2
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                    • String ID:
                    • API String ID: 3058430110-0
                    • Opcode ID: 565ebf90be6d2ba27df71ed43ede02dd76309b38464449df31bf29b99f565147
                    • Instruction ID: 099d4f024400c45aacee864ca89fe27d33304ce9f3717c9de7b74eff0f200a19
                    • Opcode Fuzzy Hash: 565ebf90be6d2ba27df71ed43ede02dd76309b38464449df31bf29b99f565147
                    • Instruction Fuzzy Hash: 7431CE7DA14246EFDB20DF68C8A0AAA3BA5BF01324F2585ADE459CB590D330D980CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • timeGetTime.WINMM ref: 028A70C2
                    • InterlockedExchange.KERNEL32(?,00000000), ref: 028A70D1
                    • WaitForSingleObject.KERNEL32(?,00001770), ref: 028A7123
                      • Part of subcall function 028A5EC4: GetCurrentThreadId.KERNEL32 ref: 028A5EC8
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CurrentExchangeInterlockedObjectSingleThreadTimeWaittime
                    • String ID:
                    • API String ID: 2244058349-0
                    • Opcode ID: feee2e41c133d1b22d6b796db48a4cc785f19063a248342d5939f06f2871ed36
                    • Instruction ID: e11e6d681b769a1889bc63f2ea0382d6a57fde343a87b3aeb267a764fb95c256
                    • Opcode Fuzzy Hash: feee2e41c133d1b22d6b796db48a4cc785f19063a248342d5939f06f2871ed36
                    • Instruction Fuzzy Hash: 29318675600704ABD630EF69DC85F9BB3E9FF88710F100A0EE54EC7690DB71A4058BA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • WSAEventSelect.WS2_32(?,?,00000023), ref: 028A6B7F
                    • WSAGetLastError.WS2_32 ref: 028A6B8A
                    • send.WS2_32(?,00000000,00000000,00000000), ref: 028A6BD8
                    • WSAGetLastError.WS2_32 ref: 028A6BE3
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: ErrorLast$EventSelectsend
                    • String ID:
                    • API String ID: 259408233-0
                    • Opcode ID: cce328325078164802454b0f4326c928382e7be66455a3038faf431385202997
                    • Instruction ID: d1ff73c9f6be9c4f3e6717bf7b628f6d492573e15be7341d418c7f7e37802393
                    • Opcode Fuzzy Hash: cce328325078164802454b0f4326c928382e7be66455a3038faf431385202997
                    • Instruction Fuzzy Hash: 3411607A1017209FE7309B69DD94A57B7ADFB88724F10052EEA5AC3650DB71E841CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _free.LIBCMT ref: 028AA89F
                      • Part of subcall function 028B4A7E: HeapFree.KERNEL32(00000000,00000000,?,028BC21A,00000000,?,0000FFFF,028B5116,028C2A8D), ref: 028B4A94
                      • Part of subcall function 028B4A7E: GetLastError.KERNEL32(00000000,?,028BC21A,00000000,?,0000FFFF,028B5116,028C2A8D), ref: 028B4AA6
                    • _free.LIBCMT ref: 028AA8C8
                    • _free.LIBCMT ref: 028AA8E1
                    • _free.LIBCMT ref: 028AA8FF
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: 84e40c6b2d6390608cd7d32b6d0dbd8e4d58d11965cb3e53cba2c8480c0de28e
                    • Instruction ID: 332d05ab08ab9da9c1f29fa5536a35984a8dbddbf3538aa5146c6e7af5302e47
                    • Opcode Fuzzy Hash: 84e40c6b2d6390608cd7d32b6d0dbd8e4d58d11965cb3e53cba2c8480c0de28e
                    • Instruction Fuzzy Hash: 1711C67FD01630A79B36AB68885196BB3697E4572030A419DDC08AB704DB60EC118BD3
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000104), ref: 028B1F1F
                    • _strncat.LIBCMT ref: 028B1F46
                    • _strncat.LIBCMT ref: 028B1F5C
                    • lstrcpy.KERNEL32(?,?), ref: 028B1F82
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: _strncat$QueryValuelstrcpy
                    • String ID:
                    • API String ID: 3619189195-0
                    • Opcode ID: 19fc74eda0b31321f1ee4a6afbb61d406056d8f7fb5627279503309ea20f620b
                    • Instruction ID: 1678e54c6c9fbe39a0fb5e984e326ab0b36c9394636d1c09dd41a10c6b64e652
                    • Opcode Fuzzy Hash: 19fc74eda0b31321f1ee4a6afbb61d406056d8f7fb5627279503309ea20f620b
                    • Instruction Fuzzy Hash: 57118976901218ABDB25DF94DC88BDEB378FF48314F50018DE609E7280D775AA45CF61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 028A3254: HeapFree.KERNEL32(?,00000000,?,1002703C,?,?,028A5DD5,?,?,?,?,?,10026048,000000FF), ref: 028A3279
                      • Part of subcall function 028A3254: _free.LIBCMT ref: 028A3295
                    • HeapDestroy.KERNEL32(00000000,1002F840,?,?,?,?,100268D3,000000FF), ref: 028B08D4
                    • HeapCreate.KERNEL32(00000001,?,?,1002F840,?,?,?,?,100268D3,000000FF), ref: 028B08E6
                    • _free.LIBCMT ref: 028B08F6
                    • HeapDestroy.KERNEL32(?,?,?,?,?,100268D3,000000FF), ref: 028B0924
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: Heap$Destroy_free$CreateFree
                    • String ID:
                    • API String ID: 4097506873-0
                    • Opcode ID: 4df680f42882b4c39feb1b6a394a33cfa7889398adbc3aa75b4c05e7a9cda114
                    • Instruction ID: ff631944cb16f0c2254e450f1c7fa7a7d2da74ef1617acdb1d88c858115c3b47
                    • Opcode Fuzzy Hash: 4df680f42882b4c39feb1b6a394a33cfa7889398adbc3aa75b4c05e7a9cda114
                    • Instruction Fuzzy Hash: 881128B9900614AFE724CF58C848B97F7E8FF48715F104A1DE89AD3740EB74A904CB90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • std::_Lockit::_Lockit.LIBCPMT ref: 028AA213
                    • std::exception::exception.LIBCMT ref: 028AA24C
                      • Part of subcall function 028B4879: std::exception::_Copy_str.LIBCMT ref: 028B4894
                    • __CxxThrowException@8.LIBCMT ref: 028AA261
                      • Part of subcall function 028B47A5: RaiseException.KERNEL32(?,?,?,?), ref: 028B47E7
                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 028AA268
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
                    • String ID:
                    • API String ID: 73090415-0
                    • Opcode ID: a37d7f815e1c8957e34cd6daf67bb6473fe35b4c7b8da1340fc35f7c02389de4
                    • Instruction ID: 321bdd7f70e7d3c8877a9c02bed9dc9f3fc83e2945ce5e489f9eeed6023cc981
                    • Opcode Fuzzy Hash: a37d7f815e1c8957e34cd6daf67bb6473fe35b4c7b8da1340fc35f7c02389de4
                    • Instruction Fuzzy Hash: 541193B5805748AFC711DF59D880ADAFBF8FB18210F90866EE459D3700D7349604CB95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                    • String ID:
                    • API String ID: 3016257755-0
                    • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                    • Instruction ID: 1dca15dae5f8e25c53a3c71dabb38bc6fdb838be37aa6df51dbb7cd7681aa3d3
                    • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                    • Instruction Fuzzy Hash: 8E11393A04014ABBCF135E88CC45CEE3F66BF59358F498419FE1899234D336D9B1AB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • _malloc.LIBCMT ref: 028B4AD2
                      • Part of subcall function 028B4967: __FF_MSGBANNER.LIBCMT ref: 028B4980
                      • Part of subcall function 028B4967: __NMSG_WRITE.LIBCMT ref: 028B4987
                      • Part of subcall function 028B4967: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 028B49AC
                    • std::exception::exception.LIBCMT ref: 028B4B07
                    • std::exception::exception.LIBCMT ref: 028B4B21
                    • __CxxThrowException@8.LIBCMT ref: 028B4B32
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                    • String ID:
                    • API String ID: 615853336-0
                    • Opcode ID: 4d1f6313a715765cab7a1efdafa5c7e89f937d007e0b4d28f8a416aeb6d99068
                    • Instruction ID: 88b9311ef0a1d8f46eacfd3495a242c82b5908f14b4c6d22c023b5c0643c3c81
                    • Opcode Fuzzy Hash: 4d1f6313a715765cab7a1efdafa5c7e89f937d007e0b4d28f8a416aeb6d99068
                    • Instruction Fuzzy Hash: AFF0F93D40025D7EDF07E758DD629ED367AEF45704F54005DE515E6292DBB08A44CB42
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CloseSleep
                    • String ID:
                    • API String ID: 2834455192-0
                    • Opcode ID: ad443e11dd96ab432f1e54197b681408b650c64e4a458ca4da7973afd4dcc090
                    • Instruction ID: 95d3a5090ef74f037681f30664ea7e8557c2df983809e5d60ed855bc319699c2
                    • Opcode Fuzzy Hash: ad443e11dd96ab432f1e54197b681408b650c64e4a458ca4da7973afd4dcc090
                    • Instruction Fuzzy Hash: FCF01279900219FBE715DBA5CC9DEAE767CBF08305F200048FA0DE6151D770AA068760
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                      • Part of subcall function 00219C98: GetModuleHandleW.KERNEL32(00000000), ref: 00219C9F
                    • __set_app_type.MSVCRT ref: 00219292
                    • __p__fmode.MSVCRT ref: 002192A8
                    • __p__commode.MSVCRT ref: 002192B6
                    • __setusermatherr.MSVCRT ref: 002192D7
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                    • String ID:
                    • API String ID: 1632413811-0
                    • Opcode ID: 83ebca41455352c475164db605f52c07c5da8a0b2f3866d2de697574f1ce5d16
                    • Instruction ID: 3b881b2a546569de3fd826ce91913bacc629518099c43fb446911e25cd0cb60f
                    • Opcode Fuzzy Hash: 83ebca41455352c475164db605f52c07c5da8a0b2f3866d2de697574f1ce5d16
                    • Instruction Fuzzy Hash: 90F0FE74094300EFD314AF30BC1E6D43BA1B739321B20861AE466962E0DF3580D0CE50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • StgOpenStorage.OLE32(?,00000000,00000020,00000000,00000000,?), ref: 00213F75
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: OpenStorage
                    • String ID: &
                    • API String ID: 222319337-1010288
                    • Opcode ID: 1600c6516287466b35413b60b943cf11fa2b25beac75b9c121c4e435a980311e
                    • Instruction ID: dfda37e7b12c7c8e02e9089a6a69a3886717bad54e73eb1a1b0de511ad68addf
                    • Opcode Fuzzy Hash: 1600c6516287466b35413b60b943cf11fa2b25beac75b9c121c4e435a980311e
                    • Instruction Fuzzy Hash: AA91FB70B20219BFDB14EFA4ED99EAEB7B9FB64315B044528F51AD7150DB30AD84CB10
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegCreateKeyA.ADVAPI32(80000002,10027628,?), ref: 028A71EA
                    • RegCloseKey.ADVAPI32(?), ref: 028A72BF
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CloseCreate
                    • String ID: SYSTEM\Setup
                    • API String ID: 2932200918-1397563030
                    • Opcode ID: 8464d6c0c44ced1cf27c8e0587422d83482536d9b876ab66e2ae606970febea4
                    • Instruction ID: bf7523ac9de2010cfa8dd7b94f828228240ab7f4faa193596f371848d7189089
                    • Opcode Fuzzy Hash: 8464d6c0c44ced1cf27c8e0587422d83482536d9b876ab66e2ae606970febea4
                    • Instruction Fuzzy Hash: E131827590051AABEF20DB68CC9DFEAB3B8FB48704F5041D9F60DA7140DB71AA498F90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • Sleep.KERNEL32(0000000A), ref: 00218D70
                    • GetProcAddress.KERNEL32(?), ref: 00218DB9
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressProcSleep
                    • String ID: KERNEL32
                    • API String ID: 1175476452-1217789123
                    • Opcode ID: 372cb829af23f7f0861d8a9067e049df81a22168678bef7753411a72ac732ebc
                    • Instruction ID: 071badcfd1586b11861dcf1e0d10a4d8e31209f48746b99e242d47d5cb776ff5
                    • Opcode Fuzzy Hash: 372cb829af23f7f0861d8a9067e049df81a22168678bef7753411a72ac732ebc
                    • Instruction Fuzzy Hash: 860141316103519BDB288B38BC193E63AD8EBB6310F24003ED801C7280DF61CC408790
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • Sleep.KERNEL32(0000000A), ref: 002188D6
                    • GetProcAddress.KERNEL32(?), ref: 0021891F
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressProcSleep
                    • String ID: OLE32
                    • API String ID: 1175476452-2276369563
                    • Opcode ID: e209a67402e61ef98d75d112d5fc53c49b5e154973a1ebaa2501465f2cbbd707
                    • Instruction ID: a4668527999733fa9975da9cecabbd8fa578e517a914d894d0dfc62b0257574a
                    • Opcode Fuzzy Hash: e209a67402e61ef98d75d112d5fc53c49b5e154973a1ebaa2501465f2cbbd707
                    • Instruction Fuzzy Hash: CF012432654256ABDB189F39FC1A6FA3AE9EBA6320F24403DE441C7250EE61CC50C761
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • Sleep.KERNEL32(0000000A), ref: 00218C1F
                    • GetProcAddress.KERNEL32(?), ref: 00218C68
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmpDownload File
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: AddressProcSleep
                    • String ID: VERSION
                    • API String ID: 1175476452-2153328089
                    • Opcode ID: 549b64877bccf98f3d35ae0b1d9e27857c22044b1ee8c953c050d9be6b8510e2
                    • Instruction ID: b68fc55e10e8460594191702df2b5e54ade732c9bce8d3bdd9dfdc77b8708e35
                    • Opcode Fuzzy Hash: 549b64877bccf98f3d35ae0b1d9e27857c22044b1ee8c953c050d9be6b8510e2
                    • Instruction Fuzzy Hash: D001F1316953119FDB288B35AC5D7E67AE8DBA6320F24403FE841E7250EE61CC818BE0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: CallFrame@12Setting__getptd
                    • String ID: j
                    • API String ID: 3454690891-2137352139
                    • Opcode ID: 94532638dcc6044295679da9101a47b9cf1f94d2050377992a863876b672f514
                    • Instruction ID: e482a859c539c20a88ce5aaff6c70f1b35e866cc58e48370cb60c156b1f9007c
                    • Opcode Fuzzy Hash: 94532638dcc6044295679da9101a47b9cf1f94d2050377992a863876b672f514
                    • Instruction Fuzzy Hash: 2C11BF38804295DFCB12CF68C4447E8BB70BF06328F19808ED9A8AB693C3746951CF91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • __getptd.LIBCMT ref: 028B99DA
                      • Part of subcall function 028BC229: __getptd_noexit.LIBCMT ref: 028BC22C
                      • Part of subcall function 028BC229: __amsg_exit.LIBCMT ref: 028BC239
                    • __getptd.LIBCMT ref: 028B99E8
                    Strings
                    Memory Dump Source
                    • Source File: 00000002.00000002.4476175647.00000000028A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_28a0000_msiexec.jbxd
                    Similarity
                    • API ID: __getptd$__amsg_exit__getptd_noexit
                    • String ID: csm
                    • API String ID: 803148776-1018135373
                    • Opcode ID: b2af965c9d768a64c625c96979692dfc4cc50201f153989c8daca63aa59d2893
                    • Instruction ID: e69444b0de29e94559703640f55ad1e7baa95e94324f05c340cf4ab114d07399
                    • Opcode Fuzzy Hash: b2af965c9d768a64c625c96979692dfc4cc50201f153989c8daca63aa59d2893
                    • Instruction Fuzzy Hash: 13014B3C8002168ACF369FA9D444AEEB7B6AF06211F14642ED55AEA750DB30D5A0DF52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Microsoft\Windows\Installer,00000000,00020019,HZ!,?,00215A48,?,?,?), ref: 00212F8B
                    Strings
                    • Software\Policies\Microsoft\Windows\Installer, xrefs: 00212F85
                    • HZ!, xrefs: 00212F7F
                    Memory Dump Source
                    • Source File: 00000002.00000002.4475865825.0000000000211000.00000020.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                    • Associated: 00000002.00000002.4475844376.0000000000210000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021D000.00000002.00000001.01000000.00000005.sdmp
                    • Associated: 00000002.00000002.4475923312.000000000021F000.00000002.00000001.01000000.00000005.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_210000_msiexec.jbxd
                    Similarity
                    • API ID: Open
                    • String ID: HZ!$Software\Policies\Microsoft\Windows\Installer
                    • API String ID: 71445658-2340624229
                    • Opcode ID: 16701468e24204dcaa3878880b8d432d4504084cca8537b03c13172e3a5d7155
                    • Instruction ID: 744df80e35da8fd0b31950bdce7b0a5e0c685b82d99a1dedc2c2a69d2b8b7d27
                    • Opcode Fuzzy Hash: 16701468e24204dcaa3878880b8d432d4504084cca8537b03c13172e3a5d7155
                    • Instruction Fuzzy Hash: 94D05E75544288AFFB224A54BC0EBF27AA8C3A4318F144058B60C51466C9648CB58351
                    Uniqueness

                    Uniqueness Score: -1.00%